HSBC USA Customer Data Allegedly Exposed in Major Breach Claims
Threat actors have claimed responsibility for a significant data breach targeting HSBC USA, alleging the theft and subsequent leak of a large trove of personally identifiable information (PII) and sensitive financial records belonging to the bank's customers. The compromised data reportedly includes full names, addresses, Social Security numbers, dates of birth, phone numbers, bank account numbers, account balances, and transaction histories. Multiple sources indicate that the data was posted on prominent data leak forums, with early analysis by independent researchers suggesting the leaked samples appear legitimate, though the full scope and authenticity remain under investigation. Security experts warn that the exposure of such comprehensive PII and financial details could enable a range of fraudulent activities, including identity theft, unauthorized account access, SIM swapping, and spearphishing attacks.
HSBC USA has publicly denied that a breach occurred, stating that internal investigations have found no evidence of compromised systems or service providers. Despite the bank's denial, cybersecurity researchers and industry analysts emphasize the severe risks posed by the alleged leak, urging financial institutions to strengthen authentication mechanisms, enhance account recovery processes, and promptly notify potentially affected customers. The incident has raised concerns about the adequacy of data protection measures in the banking sector and highlights the urgent need for robust security controls to prevent large-scale identity and financial fraud.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Alleged HSBC USA customer data is leaked online
Hackers subsequently leaked the purported HSBC USA customer data online, escalating the incident from a breach claim to public exposure of the allegedly stolen records.
Hackers claim breach of HSBC USA customer data
Threat actors publicly claimed to have breached HSBC USA and to possess customer data, including personally identifiable information and financial or transaction records. Multiple reports describe the same alleged incident and data exposure claim.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Attacker claims massive identity attack on PII at HSBC USA
scworld.com
Open sourceHackers Claim Breach of HSBC USA Exposing Customer Financial Records
cyberpress.org
Open sourceHackers leak alleged HSBC USA customer data
scworld.com
Open sourceHSBC USA data breach exposes client transactions, hackers claim
cybernews.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
National Public Data Breach Exposed Social Security Numbers and Personal Records
National Public Data disclosed a security incident affecting a large repository of consumer background-check and people-search information, with exposed data reported to include highly sensitive personal identifiers such as **Social Security numbers**, names, mailing addresses, and other profile details. The company published a breach notice on its website, while an individual notification letter filed with the California Attorney General indicates affected residents were formally notified that their information may have been involved. The incident drew attention because the compromised records appear to involve data commonly used for identity verification and fraud, increasing the risk of **identity theft**, account takeover, and social-engineering abuse. The notification materials show the breach response included direct notice to impacted individuals and guidance on protective steps such as monitoring accounts and credit activity, underscoring the seriousness of the exposure for consumers whose records were held by the data broker.
May 26, 2026
Hackers Claim Breaches at Bancolombia and Banco de Bogota
Hackers have claimed breaches at **Grupo Bancolombia** and **Banco de Bogota**, with purportedly stolen data posted on **DarkForums** by what researchers said appeared to be the same threat actor. According to reporting cited by Cybernews and SC Media, the alleged **Bancolombia** leak included screenshots of an internal content management system showing customer names and login/logout timestamps, as well as PDF files containing customer and advisor names, location details, and insurance plan information. The alleged **Banco de Bogota** exposure reportedly involved nearly 30 records containing full names, physical addresses, and phone numbers. Researchers said the breach claims had not been independently verified, but warned that even limited personal data could be combined with information from other leaks to support phishing, social engineering, and other targeted attacks against affected customers.
May 25, 2026
JPMorgan Chase Breach Exposed Contact Data for 76 Million Households
JPMorgan Chase disclosed that attackers breached its network and accessed customer contact information tied to **76 million households** and **7 million small businesses**, making it one of the largest publicly reported compromises of a U.S. financial institution. The bank said the stolen data included names, email addresses, phone numbers, and physical addresses, while **account numbers, passwords, Social Security numbers, dates of birth, and debit or credit card data were not exposed**. The intrusion reportedly began in June, went undetected for weeks, and involved access to more than 90 servers before the company contained it and notified customers using services such as Chase.com and its mobile banking platforms. U.S. investigators examined possible Russian links early in the case, and later authorities charged **Gery Shalon, Joshua Samuel Aaron, and Ziv Orenstein** in connection with a broader hacking campaign tied to the JPMorgan intrusion and other attacks on financial firms and publishers. Prosecutors described the operation as part of a multi-year scheme that stole data from more than 100 million customers across victims, while security experts warned that the JPMorgan data set remained highly valuable for phishing and fraud because it provided a large, current list of bank customers and small businesses. JPMorgan said it had not seen unusual fraud directly tied to the breach and urged customers to be wary of unsolicited emails and text messages.
May 26, 2026