Attack disrupts HSBC online banking services in the UK on tax deadline
Customers are angry about repeated online banking outages this month
HSBC customers in the U.K. who waited until the last day to pay their taxes might have had trouble doing so because the institution's online banking system was unavailable Friday.
In an emailed statement, the bank said that it was the target of a denial-of-service attack which affected its U.K. personal banking website.
"HSBC has successfully defended against the attack, and customer transactions were not affected," the company said. "We are working hard to restore normal service."
In addition to today being the last day when private individuals can pay the tax owed for the year that ended on Apr. 5, 2015, it is also a pay day.
The company has been answering a large number of complaints from frustrated customers via its Twitter account.
"Congratulations on 'successfully defending' against the latest cyber attack but when will I be able to access my money?" one customer wrote.
The HSBC help team advised users to call its customer support line or to use the mobile banking app instead. However some customers reported long call queues and the mobile app not working either.
Others have pointed out that this is the third time when HSBC's online banking services were inaccessible this month. An outage at the beginning of January reportedly lasted for two days.
The number of distributed denial-of-service attacks against companies has increased over the past year and some of them have been accompanied by extortion attempts where attackers promised to stop in exchange for money.
HSBC declined to say whether it has received a similar ransom message during this incident, but said that it is working with law enforcement authorities to pursue the criminals responsible.
Some DDoS attacks are used by attackers as a smoke screen, to keep security teams busy while a more serious compromise is underway. Hackers might also attempt to take advantage of highly publicized outages at financial institutions by sending rogue emails that purport to come from that organization and contain malware or malicious links.