View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 29, 2016updated 30 Aug 2016 5:16pm

HSBC online banking offline after DDoS cyber attack

News: The bank says it has been able to defend itself.

By Charlotte Henry

HSBC has admitted that is was the victim of a cyber attack, after its online personal banking services were knocked offline and customers were unable to access their online bank accounts.

The major high street bank said that it was hit by a DDoS attack, but was able to successfully defend its systems.

The bank tweeted: "HSBC UK internet banking was attacked this morning. We successfully defended our systems."

A spokesperson for the bank said: "HSBC internet banking came under a denial of service attack this morning, which affected personal banking websites in the UK. HSBC has successfully defended against the attack, and customer transactions were not affected. We are working hard to restore services, and normal service is now being resumed. We apologise for any inconvenience this incident may have caused."

The statement indicates that customers do not need to worry that they will be unable to receive or make payments.

DDoS attacks flood computer networks and are typically used to knock systems offline to allow hackers entry in order to steal data. For example, it is thought that such an attack was used in order to facilitate the mega data breach suffered by TalkTalk.

Many HSBC UK customers expressed their anger over twitter, and were concerned that they could not get access to their bank accounts online just two days before the deadline for filing self assessment tax returns.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Some people were also wondering why HSBC were saying they had successfully resisted the attack, when they were unable to access services.

HSBC customer queries successful defence

Brian Spector, CEO of digital authentication firm MIRACL, said: "Not even the largest financial institutions on earth are immune from cyberattacks that disrupt business operations. HSBC is using antiquated authentication technology, what else is not up to speed such that one of the world’s largest banks has been taken offline?

"HSBC are claiming to have "successfully defended" the attack but if your main business is taken offline, and your website is unreachable, you have not successfully defended yourself."

Mark James, Security Specialist at IT Security Firm ESET, said that customers should be vigilant in the wake if this attack:

"As in all situations like this please be mindful of the after effects, nothing may happen but just be a little bit more cautious when opening emails or taking calls from people claiming to be associated with your financial organisations.

"Remember NO bank will take offence if you want to double check things by calling back or verifying who they actually are, it’s a few minutes of your time that may save you hundreds or even thousands of pounds and definitely make sure you have good regularly updating internet security software installed on your computer or mobile device."

The Bank of England identified cyber security as a major risk to the stability of the UK financial system in its July 2015 Financial Stability report, saying: "Cyber attack have the potential to threaten financial stability by disrupting the vital functions that the financial system performs for the real economy."

Today’s attack comes just days after Andrew Tyrie, Chairman of the influential Treasury Select Committee of MPs, published letters he had written to the banks expressing concern about the resilience of their IT systems. The CEO of HSBC was one of those Tyrie contacted.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.