HSBC has informed New Hampshire's Attorney General of a compromise of some records of current and former mortgage customers of its HSBC Finance unit. HSBC Finance is a nonbank lender, formerly known as Household Finance, that HSBC bought in 2003. The bank is in the process of winding it down.
In the breach, some personal information about mortgage accounts was "inadvertently made accessible via the Internet," including customers' names, Social Security numbers, account numbers, old account information and possibly some phone numbers, the bank wrote in a letter to state officials.
The bank says it learned of the breach March 27, and said it took place late last year.
"HSBC regrets this incident, and we take our responsibility for the security of customer information very seriously," said bank spokesman Rob Sherman in a statement. "We responded immediately to ensure the information was no longer publicly accessible on the Internet, and are notifying all affected customers as well as offering one year of free credit monitoring. We have also implemented additional security measures designed to prevent a recurrence of such an incident."
HSBC said it has ensured that the information is no longer publicly available. It began notifying affected customers on April 9 by letter and it's offered customers a free one-year subscription to Identity Guard, a credit monitoring and identity theft protection service.
The bank would not say how many records and customers were affected, nor how the breach occurred or what specific security measures it's implementing to prevent future breaches. Sherman did say the bank saw no evidence of fraud or ill-intent.