HSBC customer mortgage information exposed

HSBC is informing some customers in the US that their mortgage account information was inadvertently made accessible via the internet

HSBC is informing some customers in the US that their mortgage account information was inadvertently made accessible via the internet.

The bank discovered at the end of March 2015 that 685 mortgage customers in New Hampshire in the US were affected. The bank said it believes the information was made accessible online towards the end of 2014.

HSBC UK told Computer Weekly: "This matter only affects some mortgage customers of HSBC Finance Corporation in the US."

The information potentially exposed included names, social security numbers, account numbers, old account information and possible phone numbers.

“HSBC takes this very seriously and deeply regrets that this incident occurred. We are conducting a thorough review of the potentially affected records and have implemented additional security measures designed to prevent a reoccurrence of such an incident,” said the bank in a statement.

The information is no longer accessible publicly, it added.

Read more about data breaches

HSBC started informing customers on 9 April 2015 and is offering them a free subscription to a service called Identity Guard, which will help the customers identify if their details are being used by fraudsters.

“It not only provides essential monitoring and protection of credit data, but it also monitors internet chat rooms and newsgroups, and alerts customers if their social security number, credit cards and bank account numbers are found in unsecure online locations,” said HSBC.

There were no details on how the bank uncovered the problem or whether any customer data had been used fraudulently.

In 2009, three HSBC companies were fined a total of £3m by the Financial Services Authority (FSA) for failing to protect customer information, which led to two incidents of data going missing.

HSBC Life UK was fined £1.61m; HSBC Actuaries and Consultants was fined £875,000; and HSBC Insurance Brokers was fined £700,000. All of these companies are part of HSBC's insurance business.

The FSA revealed that "large amounts" of unencrypted customer details had been sent via post or courier to third parties.

Read more on IT for financial services

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.