View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 14, 2014

HSBC Turkey not reissuing credit cards despite breach

2.7 million accounts breached by unknown attackers.

By Ben Sullivan

Following a hack on HSBC Turkey which exposed the details of 2.7 million customer credit card accounts, the bank has said it will not be reissuing cards to those affected because it claims the cards are still secure.

The data breach, which occurred last week but only made public yesterday, has hot be linked to any fraudulent transactions as of yet.

In an FAQ PDF released by HSBC, the bank said: "Information compromised consisted of card and linked account numbers, card expiry dates and card holder names of our customers. There is no evidence that any of our customers’ financial information or personal information was compromised.

"Our cards are secure and customers can continue to use their cards as usual."

Trey Ford, who is a security strategist for Rapid7, said: A couple of things stand out – the attack happened last week, and they’ve caught it already, and they caught it themselves. This is impressive given that the vast majority of breaches are detected by third parties, and often not for months."

"We would like to inform you that HSBC recently identified and stopped a cyber-attack on our credit card and debit card systems in Turkey," HSBC said in its initial statement.

"On identifying the incident, we took immediate action to safeguard our customers. We have launched an ongoing investigation in cooperation with the Banking Regulation and Supervision Agency of Turkey and other relevant authorities."

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Ford also sheds some light on why HSBC have taken the decision not to reissue the affected credit cards.

He said: "HSBC is underscoring that cards will not be re-issued at this time, and that the compromised data will not impact Internet Banking, ATM transactions, and telephone banking services; customers can continue using their cards with confidence. This is because "card present" transactions require additional information that would be encoded on the magnetic strip, and for "card not present" transactions, the card security code (CVC or CVV2) would be required to transact business."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.