The data breach includes names, addresses, transaction histories, account information and more.
International banking giant HSBC has reported that it was breached in October, as a result of a credential-stuffing attack.
In a notice [PDF] filed with the state of California, the bank said that it became aware of some online accounts being accessed by unauthorized users between October 4 and 14. The hack affected a segment of the bank’s U.S. customers — less than 1 percent of its U.S. client base, it told the BBC, though exact numbers have not been released. The incident exposed names, addresses and dates of birth, along with banking-specific information like account numbers and balances, statement and transaction histories, and payee account numbers.
“HSBC regrets this incident, and we take our responsibility for protecting our customers very seriously,” the bank said in a statement. “We have notified those customers whose accounts may have experienced unauthorized access, and are offering them one year of credit monitoring and identify theft protection service.”