HSBC blames data breach on password reuse

In November 2018, HSBC announced a serious data breach in its US business between October 4 and 14, when fraudsters used credential stuffing to gain access to detailed account information relating to about 1% of its 1.4 million US customers. HSBC said that in response it had strengthened its login and authentication processes and implemented additional layers of security. The bank gave affected customers a year's credit monitoring and identity fraud protection, and reminded customers to use unique passwords. 

https://www.ft.com/content/ded1f64c-e1ea-11e8-a6e5-792428919cee
writer: Laura Noonan and Nicholas Magaw
publication: Financial Times