HSBC Loses 2.7m Customers’ Data in Turkish Attack

HSBC Turkey said that cyber criminals had stolen the credit card information of 2.7m of its Turkish customers and that additional security measures to monitor transactions had been put in place.

The breach, similar to that recently suffered by JP Morgan Chase, is limited to Turkey and should not result in financial risk for customers, said the London-based bank.

“HSBC is the latest bank to join the long list of high profile data breaches,” commented Jason Hart, vice president (VP) cloud solutions for SafeNet. “This news shows that banks worldwide need to be continually vigilant and it should be a wake-up call to the financial sector about its vulnerability to cyber-attacks.

“While it’s still too early to estimate how this hack will impact HSBC customers’ loyalty, the consequences of these attacks can be damaging both to the institution’s reputation and bottom line, as well as to customers’ confidence in the entire financial sector.

“The important question to ask is whether the stolen sensitive data was encrypted. What we have seen again and again with these types of attacks against banks is that breach prevention and threat monitoring alone will not keep the cyber criminals out. Being breached is no longer a question of ‘if’ but ‘when’, so banks need to move away from the traditional strategy of focusing on breach prevention towards a ‘secure breach’ approach.

“This means adopting a data-centric view of digital threats starting with better access control techniques, stronger authentication measures and the use of encryption and key management to secure sensitive data. This is the only way to ensure data is effectively useless should it fall into unauthorised hands.”


Related reading