Hacker Group Claims it Stole Debit Card Details from HSBC During Cyberattack

One of two groups that claim responsibility for a cyberattack on HSBC (HBC) says it did more than slow service to customers despite the bank’s statements to the contrary.

Anonymous, a collective that says it flooded lines between the $2.7 trillion-asset bank and the Internet on Thursday to prevent customers from logging on to their accounts, said Friday it also made off with information about tens of thousands of debit cards.

“When HSBC said ''user data had not been compromised'' This isn't entirely correct,” Anonymous tweeted on Friday.  “We also managed to log 20,000 debit card details.”

“Were debating whether to release them or not, HSBC knows debit details were intercepted, They probz won't admit it tho,” the group added.

The bank said Thursday its websites had endured an electronic assault but that information belonging to customers remained untouched.  “This denial of service attack did not affect any customer data, but did prevent customers using HSBC online services, including internet banking,” the company wrote in a message posted on its website.

HSBC did not respond immediately to a request for comment on Anonymous’ contention.

A group that calls itself Izz ad-Din Al Qassam Group, which has claimed responsibility for recent cyberattacks on at least nine other banks, also took responsibility for the assault on HSBC.  The Al Qassam Group has vowed to attack banks in retaliation for an American-made, anti-Islam film. 

For its part, Anonymous also has identified other banks the group says it will target as part of its cyber offensive.  “RBS, Lloyds TSB and Barclays are next,” the group tweeted Friday morning, before tweeting that Barclays would be its next target. 

A spokesman for Barclays declined Friday to comment on the threat.

Though the attacks have disrupted online banking and frustrated customers, one unknown that accompanies them is whether they also entail fraud. Shifting claims of responsibility also cloud the hackers’ contentions. 

“If it was the Middle Eastern guys, then Anonymous could not get into the system,” Avivah Litan, vice president and distinguished analyst at Gartner Research, told American Banker. “The truth is, if they weren’t the ones who committed the crimes it would be hard for them to get access.” 

Anonymous has demonstrated it can sow chaos successfully, but the group has yet to show it has the know-how to hack its way past a bank’s defenses, according to Litan.  “It’s pretty clear it came out of Iran and that’s it’s a different group than Anonymous,” Litan added.

Iran has denied any role in the slowdowns.

Litan says the attacks, which began with an assault on Bank of America in September, have occurred with unprecedented force.  “They’re flooding the lines with 100 gigabytes of data a second,” Litan said.  “That’s never happened before.  The systems that usually mitigate against these attacks were rendered useless.”

For reprint and licensing requests for this article, click here.
Bank technology
MORE FROM AMERICAN BANKER