HSBC issues warning to 180,000 regarding a security breach

The WSJ Online is reporting that HSBC has issued warnings to 180,000 of it's customers that a security breach may have resulted in their data being compromised.

The HSBC letter, which was sent to cardholders last week, reads in part: "A national retailer's computer system has had a security breach and your credit card account number may be among those that were compromised." It was signed by "GM Cardmember Services" and noted that HSBC issues the card and provides administrative and processing services for it. The letter went on to say that "we are unaware of any fraudulent activity on your account."

Kudos to HSBC:

While banks also are required to report breaches that occur in-house or at financial-service providers with whom they do business, HSBC technically wasn't required to notify GM MasterCard holders because the breach in question occurred at a separate retailer, not within the bank or the credit-card company.

The WSJ says the US Retailer is Polo Ralph Lauren.

I've spoken to a couple of auditors recently that had been doing a fair bit of work for processors and merchants. Both said that Visa recently eased the requirements. I believe they have eased the requirement for strong authentication. It will be interesting to see if the retailer in question passed the CISP compliance and if use of strong authentication would have prevented the attack, as it would have in the case of the LexisNexis breach