In a Notice of Data Breach to customers, which has been filed with California’s Attorney General’s office, the bank says: “HSBC became aware of online accounts being accessed by unauthorized users between October 4, 2018 and October 14, 2018. “When HSBC discovered your online account was impacted, we suspended online access to prevent further unauthorized entry of your account.” The information that might have been possibly accessed includes full name, mailing address, phone number, email address, date of birth, account numbers, account types, account balances, transaction history, payee account information, and statement history. HSBC has not provided exact details as to how many people were affected by this breach nor it is immediately clear if any money was stolen. “HSBC regrets this incident, and we take our responsibility for protecting our customers very seriously. We responded to this incident by fortifying our log-on and authentication processes, and implemented additional layers of security for digital and mobile access to all personal and business banking accounts,” Rob Sherman, U.S. head of media relations, HSBC External Affairs said in a statement. The bank is also offering a one-year free subscription with credit monitoring and identity theft protection service by Identity Guard to its affected customers. “We have notified those customers whose accounts may have experienced unauthorized access, and are offering them one year of credit monitoring and identity theft protection service.” Although the bank’s official statement does not specify how did hackers gain access to their customers’ data, it is believed that hackers gained access via the HSBC online app. In order to prevent credential stuffing attacks, the bank is urging its customers to keep their accounts safe by regularly changing and using strong passwords, and use unique passwords at each site they visit. The customers should also monitor transactions in their accounts for any unauthorized activity.