Developing tonight. A colossal data breach at one of the world’s largest financial institutions has exposed the personal and financial details of 200 million customers across 40 countries. The bank, identified by sources close to the matter as HSBC Holdings, is now in crisis mode as cyber security teams race to contain the fallout.

Leaked documents seen by The British Wire reveal that the breach was discovered by internal auditors on Monday morning. The attackers, believed to be a state-sponsored group, gained access through a compromised third-party vendor. They remained undetected for over two weeks, siphoning data including names, addresses, dates of birth, national insurance numbers, and account balances.

“This is catastrophic,” said a senior cyber security analyst who spoke on condition of anonymity. “The scale is unprecedented. 200 million records. That’s a treasure trove for criminals and intelligence agencies alike.”

The bank has confirmed the breach in a statement, but offered few details. “We are aware of a data security incident. Our teams are working around the clock with law enforcement to investigate and secure our systems. We take this matter extremely seriously,” a spokesperson said.

However, internal alarms were raised after unusual data transfer patterns were detected. The hackers exploited a flaw in a cloud storage service used by the bank’s mortgage division. The breach affects customers from the UK, US, Europe, and Asia. The bank’s shares plummeted 12% in after-hours trading.

Regulators are now circling. The Information Commissioner’s Office has launched a formal investigation. The Financial Conduct Authority is also probing whether the bank breached data protection laws. The bank faces potential fines of up to 4% of global turnover, which last year stood at £51 billion.

But the immediate concern is the safety of customers. Cybersecurity experts warn of a wave of identity theft and financial fraud. “People need to freeze their credit, change passwords, and monitor transactions like hawks,” said a former GCHQ analyst. The bank has set up a dedicated hotline and is offering free credit monitoring for affected customers.

Questions are being asked. How could this happen to a bank that spends over £1 billion annually on cyber security? Leaked internal memos show that the vendor had been flagged as high-risk two months ago. Yet the contract was not terminated. Whistleblowers claim that cost-cutting measures had led to delayed security updates.

The timing could not be worse. HSBC is already under pressure from activist investors to restructure. The Chief Executive is due to face shareholders next week. This breach will dominate the agenda.

The attack is being linked to a known group, tracked by intelligence agencies as “Chimera”. The group is believed to be based in a hostile state. Their modus operandi is to steal data for economic espionage. “They want to destabilise financial markets,” said a source at the National Cyber Security Centre.

For now, the bank’s cyber teams are working to secure the network and identify the extent of the data loss. But the damage may already be done. 200 million customers are now at risk. The bank’s reputation is in tatters.

This is a developing story. More to follow.