back to article HSBC Turkey WON'T reissue cards despite 2.7 MILLION account details going AWOL

HSBC Turkey has confessed to a security breach exposing the details of 2.7m credit card accounts but the bank has made a decision not to reissue cards after deciding that the data exposed is not enough to make fraudulent transactions. The compromise – limited to the international bank's business in Turkey – exposed credit card …

  1. Anonymous Coward
    Anonymous Coward

    WTF?

    " the card security code (CVC or CVV2) would be required to transact business.”"

    Phew that's at least a hundred billion combinations.

    What? It's only 3 digits long, but that's only.....Arrgggghhhh?

    1. Robert Helpmann??
      Childcatcher

      Re: WTF?

      Just because everything needed to complete fraudulent transactions were not stolen from one source does not mean that the remaining bits cannot be or have not been pulled from another source... or guessed. This appears to be a case of failing to get a basic security concept and then belligerently defending the mistake. Individual pieces of sensitive information can be assembled from a variety of sources. On their own, they may not do any harm, but together they can be used with great effect.

      I would not look for any announcement on the actual outcome in terms of accounts hacked, but I am happy I do not count as one of their customers!

  2. Anonymous Coward
    Thumb Down

    Of course...

    If fraudulent transactions DO take place, the bank will have no problem blaming the customer anyway...

  3. vmistery

    Just for a sec there I thought they were making a christmas related headline.

  4. Doctor Syntax Silver badge

    Encryption

    Why was this stuff laying around in plain text? Or did they steal the key as well?

  5. Jock in a Frock

    Surely it would be de rigeur for HSBC to replace the cards? How much would it cost? Isn't the bad publicity going to cost them more? For a few quid they could also produce a TV commercial saying how seriously they took security (apart from letting the data out of the door in the first place).

  6. JaitcH
    FAIL

    "The compromise – limited to the international bank's business in Turkey ..." Oh, really?

    If you do a Traceroute on a HSBC account, regardless of country, you will find they all end up in New Jersey, USA. All the ATM's, via MUX systems, also end up in New Jersey.

    If you e-mail any HSBC entity they, too, are routed through the HSBC 'e-mail washing machine'

    So why does a major breach not suggest that other regions in the HSBC banking computers cannot be equally easily penetrated? This is NOT the first time.

    Sounds like a lot of PR tosh is being applied.

  7. Anonymous Coward
    Anonymous Coward

    HSBC Would Know.......

    Nobody does fraud unless we do fraud......and we don't participate in fraud, just ask the Belgians.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon