https://www.theregister.co.uk/2018/11/06/hsbc_security_broken/

HSBC admitted it has been relieved of the personal details of thousands of customers.

The bank provided a disclosure (PDF) to the California Attorney General's Office late last week outlining its plan to notify customers of the data exposure. California law requires that the AG be notified whenever a data breach affects 500 or more residents of the state.