HSBC confirmed today it suffered a data breach last month affecting about one percent of its U.S. accounts and exposing an extensive amount of customer information.

In a data breach notification letter sent to the California attorney general’s office, HSBC said that between October 4-14 the accounts were accessed by an unauthorized users. The information possibly compromised included full name, mailing address, phone number, email address, date of birth, account numbers, account types, account balances, transaction history, payee account information, and statement history where available.

HSBC did not say exactly how many people were affected by this breach, but boasts of having 38 million customers worldwide on its website.

“We responded to this incident by fortifying our log-on and authentication processes, and implemented additional layers of security for digital and mobile access to all personal and business banking accounts. We have notified those customers whose accounts may have experienced unauthorized access, and are offering them one year of credit monitoring and identity theft protection service,” Rob Sherman, U.S. head of media relations, HSBC External Affairs told SC Media

The bank is also recommending customers protect access to their banking accounts by regularly changing and using strong passwords and to monitor their accounts for unauthorized activity.