HSBC Bank sent a letter to an undisclosed number of customers informing them of a data breach that might have exposed their personal information.

The California Attorney General’s Office recently received a template of a letter that HSBC Bank sent out to customers on 2 November.

In the notice, the bank explains that it learned of unauthorized users accessing customers’ accounts between 4 October 2018 and 14 October 2018. It responded by suspending online access to affected customers’ accounts. It also reached out to these victims by phone or email to help them change their credentials and subsequently regain access to their accounts.

Those behind the unauthorized access might have obtained access to each affected customer’s name, physical address, email address, phone number and date of birth. They also might have exposed some pieces of their banking information including their account numbers and transaction history.

The statement does not specify how the attackers gained entry to customers’ online accounts. It also does not reveal the total number of customers affected by the data breach.

HSBC Bank is one of the largest banking and financial services organizations in the world. It maintains 7,500 offices in over 80 countries in Europe, Africa, the Americas, the Asia-Pacific region and the Middle East.

In its template letter, the institution offers affected customers a free year’s subscription with credit monitoring and identity theft protection service Identity Guard. It also reveals that it “enhanced… [its] authentication process… [by] adding an extra layer of security.” This sounds a lot like two-factor authentication (2FA), but HSBC Bank hasn’t confirmed.

Security incidents like the one suffered by HSBC Bank highlight the importance of financial services organizations taking steps to reduce their digital risks and automate their compliance with regulatory standards. In response, these companies should consider investing in a solution that can help protect their financial systems, maintain availability and automate compliance. Learn how Tripwire can help.