In the News
In HSBC Customer Accounts Breached in US, Phil Muncaster at Infosecurity Magazine discusses a recent breach at HSBC Bank which led to the exposure of customer personal emails and dates of birth as well as financial statements and account numbers. The breach is being chalked up to credential stuffing, a technique in which previously exposed customer information is used to bypass security measures. Muncaster explains that HSBC communicated with those affected stating that their online accounts were frozen which investigations took place.
Our Take
Data breaches at financial institutions are all too common in today’s society and pose a significant security risk for customers and their personal information. When such personal information is exposed, you are vulnerable to being financially exploited and identity theft. While it seems as though HSBC took diligent steps to acknowledge the breach and ensure such events do not recur, the frequency of data breaches specifically at financial institutions should trigger the consumer to be more cautious about the information they provide to their financial institutions and online accounts in general. The method used to accomplish this data breach, credential studding, capitalizes on customer’s reusing passwords and readily known customer information such as email addresses. By places a higher priority on password protection and privacy, you can take proactive measures to make sure you are not impacted by financial data breaches.
Recommendations
How can you protect your personal and financial information from companies entrusted with your data?
- Understand the risks of putting your personal information into the world, and only share what you have to
- Refrain from choosing passwords that contain a simple word or phrase–create strong passwords and change them every so often – the longer, the better
- Minimize the number of accounts that have direct access to your bank account or card numbers
- Add security safeguards, such as multi-factor authentication and alerting, to accounts as necessary to prevent fraudulent transactions from occurring.
- Check your email, financial accounts, and credit reports regularly for abnormal activities
- Stay up to date on current security breaches to see if you may have been impacted