The bank says it has been able to defend itself.
HSBC has admitted that is was the victim of a cyber attack, after its online personal banking services were knocked offline and customers were unable to access their online bank accounts.
The major high street bank said that it was hit by a DDoS attack, but was able to successfully defend its systems.
The bank tweeted: “HSBC UK internet banking was attacked this morning. We successfully defended our systems.”
A spokesperson for the bank said: “HSBC internet banking came under a denial of service attack this morning, which affected personal banking websites in the UK. HSBC has successfully defended against the attack, and customer transactions were not affected. We are working hard to restore services, and normal service is now being resumed. We apologise for any inconvenience this incident may have caused.”
The statement indicates that customers do not need to worry that they will be unable to receive or make payments.
DDoS attacks flood computer networks and are typically used to knock systems offline to allow hackers entry in order to steal data. For example, it is thought that such an attack was used in order to facilitate the mega data breach suffered by TalkTalk.
Many HSBC UK customers expressed their anger over twitter, and were concerned that they could not get access to their bank accounts online just two days before the deadline for filing self assessment tax returns.
Some people were also wondering why HSBC were saying they had successfully resisted the attack, when they were unable to access services.
Brian Spector, CEO of digital authentication firm MIRACL, said: “Not even the largest financial institutions on earth are immune from cyberattacks that disrupt business operations. HSBC is using antiquated authentication technology, what else is not up to speed such that one of the world’s largest banks has been taken offline?
“HSBC are claiming to have “successfully defended” the attack but if your main business is taken offline, and your website is unreachable, you have not successfully defended yourself.”
Mark James, Security Specialist at IT Security Firm ESET, said that customers should be vigilant in the wake if this attack:
“As in all situations like this please be mindful of the after effects, nothing may happen but just be a little bit more cautious when opening emails or taking calls from people claiming to be associated with your financial organisations.
“Remember NO bank will take offence if you want to double check things by calling back or verifying who they actually are, it’s a few minutes of your time that may save you hundreds or even thousands of pounds and definitely make sure you have good regularly updating internet security software installed on your computer or mobile device.”
The Bank of England identified cyber security as a major risk to the stability of the UK financial system in its July 2015 Financial Stability report, saying: “Cyber attack have the potential to threaten financial stability by disrupting the vital functions that the financial system performs for the real economy.”
Today’s attack comes just days after Andrew Tyrie, Chairman of the influential Treasury Select Committee of MPs, published letters he had written to the banks expressing concern about the resilience of their IT systems. The CEO of HSBC was one of those Tyrie contacted.