HSBC is the latest company to reveal that sensitive customer information was breached by attackers. The incidents occurred between October 4th and October 14th, with the attackers gaining access to customer account details, statement histories and other customer data. Somewhat thankfully, less than 1% of HSBC’s 1.4 million United States customers were affected by the breach. HSBC has stated it has started to inform affected customers of the breach.
I’ll continue to advocate that until the penalties for data breaches are increased they will continue to happen at an alarming rate. Companies are simply not putting enough resources into cybersecurity to prevent these breaches from happening at an ever-increasing pace. The damage that can be done to an individual when their private data is stolen and used for identity theft purposes cannot be understated. In this case it’s particularly concerning that statement history was also accessed. It’s also disappointing that this data was breached more than a month ago in some cases and we are only hearing about it now. How long has HSBC known about this breach and left it unreported?
Hat tip to Jonathan W
I’d like to know how exactly ‘less than 1%’ of accounts even get breached. Seems like a really small amount for a systemic breach. Could these have been customers who reused a password from another site that was hacked?
HSBC is probably lying about that.
Where’s the proof that it’s less than 1%? Oh let’s just take HSBC’s word for it. Hahaha. Yea cuz HSBC would never, I don’t know…lie about it?!??!
Get the f outta here. HSBC is the scummiest bank on the planet. Will never ever do business with them no matter what the bonus is.
Get’em Auntie Maxine!!
I imagine they’ll get hit with a bit harder of a penalty than your usual breach since they are a bank (regulators like fining banks) but as usual the customers will get a shrug.
Meh. If anyone thinks their accounts are secure, they’re delusional. State actors like Russia, China, North Korea, the US surely have penetrated all major financial sites.
So true but the masses are unaware nor would they care
And are any state actors out to steal my identity or otherwise misuse it for financial gain? Not likely. To me, “secure” means protected against rogue actors looking to financially profit by misusing my personal data.
HSBC is scum. Terrible and unethical bank.
Government fines need to be levied against companies who get breached on this scale. Similar to Medical Malpractice.
This is so much more of a travesty and tragedy than AMEX clawing back statement credits. But you wouldn’t know it from people’s reaction on this blog. Total lack of awareness of the Big Picture.
At least the breach didn’t happen like a year ago.
Whenever I become eligible for yet another free year of credit monitoring, I like to know as soon as possible.
A good penalty in this case would be to force the HSBC execs to deal with their own CSRs for 3 hours a day, and force them to only be able to access their own financial accounts through the direct involvement of one of their own reps (via phone). That would likely cause them to commit suicide!
Couldn’t agree more, especially after spending 2 months on the phone with HSBC’s CSRs and fraud team to just open a savings account.
This would be justice
I doubt the execs have any HSBC accounts
not surprised.
never fucking trusted the hongkong shanghai banking corporation…
As if spelling it out somehow makes them more ominous. They’re a large multinational bank, same as the other guys.
He forgot to include “PLC” in the name.
They’re British.
But if they can afford to give away hundreds of $$$ for new accounts, they should be paying *at least* hundreds of $$$ for each account that is compromised.
They’re actually British but yea shitty and outdated
Wow! Not shocked at all it’s HSBC.
What penalty would be appropriate according to you? Say $100 per affected customer? What’s the ballpark amount of penalty right now, for losing say 1 million SSNs?
The penalty now is basically you get some negative PR as you have to disclose the breach. You also need to pay for credit monitoring for affected customers for one year. I don’t know the bulk rates for credit monitoring, but it wouldn’t be expensive. I’m not sure how high the penalties should realistically be, I’d need to do further research to make any sort of informed opinion on that but the current penalties aren’t even a slap on the wrist.
I’m also not sure you can put a number on someone that has to essentially go through the trouble of monitoring their credit. Sure, it’s one thing for people that like to do it, but for others it’s more than just the cost of the credit monitoring. “Pain and Suffering” payment comes to mind…
Hmm… I agree with you that there has to be a stiff penalty. After the Equifax data breach, I’m like meh. Whatever had to be stolen has already been stolen.
What’s your opinion on allowing people to voluntarily change their SSN, as long as they have a “clean record” whatever that means? And moving over to 20-digit SSNs while we are at it?
I think there are issues with allowing people to change their SSN and probably a significant cost to the government. I’m not sure why the government should incur the costs caused by corporations.
I’d pay the government 1k if i could get a new SSN for churning… oh the possibilities!!
+1. I’ll gladly pay $1000 per year per person, for myself and player 2. Wow!
I researched the possibility of doing that when CSR had the 100k.
Sara Logan Haha
I mean you can form an unlimited number of LLCs in your name and churn credit cards using the EIN for each LLC so in a way this is sort of possible.