The bank – which is a subsidiary of the London-based HSBC Group – said that compromised details included debit and credit cardholder names, account names and expiration dates, although it went onto note that it has not yet seen any fraudulent activity on the affected accounts.
The intrusion was first detected by the bank's internal security controls and the attack was limited to card holders in Turkey, according to an FAQ published on the bank's website. The company says that all card operations have been restored to normal.
“We would like to inform you that HSBC recently identified and stopped a cyber-attack on our credit cards and debit card systems in Turkey. On identifying the incident, we took immediate action to safeguard our customers,” the firm said on its website.
The Banking Regulation and Supervision Agency of Turkey is one of a number of authorities now investigating the incident.