Private financial information on a number of customers of HBSC's Swiss operations have been leaked. The Guardian and the "International Consortium of Investigative Journalists" have latched on to the leaks in order to shame HSBC for providing financial services and to wealth shame HSBC customers for having money and desiring privacy at the same time.
Details on how the leak occurred have not been made public by any of the venues spreading the information, but given the public disclosure being directly through "journalistic" outlets is incredibly suggestive of the vulnerability allowing the leaks involving a social engineering attack.
Social engineering is of course one of the most devastating avenues for attack a person or institution might face. Socially engineered attacks range from malicious actors working into a trusted position as likely happened at HSBC, to supposed experts promoting practices that weaken technical security measures. In any situation a social engineering attack involves culturing a misplaced trust such that the social engineer may attack directly or receive your compliance in creating a vulnerability for another party to exploit.