HSBC fights off denial of service attack on its internet banking systems

Updated: Banking giant says it has successfully defended against the attack and that customer transactions are not affected.
Written by Steve Ranger, Global News Director

HSBC has confirmed that it fought off a denial of service attack on its internet banking systems this morning.

A spokesperson for HSBC said: "HSBC internet banking came under a denial of service attack this morning, which affected personal banking websites in the UK.

"HSBC has successfully defended against the attack, and customer transactions were not affected. We are working hard to restore services, and normal service is now being resumed. We apologise for any inconvenience this incident may have caused."

HSBC's online banking login page currently displays a notice which says "We'd like to apologise to all our customers for Online Banking being unavailable. We know how inconvenient this is and we are doing everything we can to rectify the problem. Please try later."

A denial of service attack floods a site with junk traffic so it cannot respond to legitimate requests for access - like stuffing a letterbox with junkmail so that genuine letters can't be received.

When these attacks harness the power of thousands or millions of computers in the form of a botnet, these distributed denial of service attacks (DDos) can cause problems for the largest organizations.

These types of attacks are getting more powerful. For example, Arbor Networks' survey found the largest attack reported last year was 500Gbps, with others reporting attacks of 450Gbps, 425Gbps, and 337Gbps.

It's not the first time that the bank has faced a denial of service attack: back in 2012, HSBC servers came under a denial of service attack which affected a number of HSBC websites around the world.

Update 5PM: the bank said it is continuing to see DDoS attacks "but normal service is returning". It said it is working closely with law enforcement authorities "to pursue the criminals responsible for today's attack on our internet banking." It said for urgent transactions customers should visit their local branch.

Read more on denial of service attacks

Editorial standards