HSBC refutes Dark-Web data leak claims after internal review

HSBC has denied claims circulating online that sensitive customer information belonging to HSBC USA clients was stolen and leaked on a dark-web forum.

 

A threat actor recently posted what they alleged to be HSBC customer records, including financial and personal information. The posting sparked initial speculation about a possible exposure of banking data.

 

However, HSBC says the allegations are false following a review of the dataset.

 

In a statement provided to teiss, the bank said:

 

“The claims made by this threat actor are false. HSBC conducted a thorough investigation and reviewed the sample data set posted by the threat actor. We have determined that the sample does not comprise legitimate HSBC customer data and that the sample data did not originate from any breach of HSBC systems or those of any of our service providers. There is no indication any HSBC customer data has been exposed.”

 

The bank stated it has found no evidence of a breach affecting its systems or third-party providers and confirmed the sample posted online does not represent real HSBC customer information.

 

Cybersecurity analysts note that false breach claims are increasingly used by criminal actors seeking attention, credibility, or financial gain, even when no intrusion has occurred.

 

HSBC said it remains focused on ensuring accurate information is available to avoid unnecessary alarm among customers or confusion in public reporting.

 

At this stage, no verified evidence suggests any compromise of HSBC customer data, and the bank emphasised there is currently no risk identified to its clients.