HSBC Holdings Plc’s Turkish unit said it will reimburse customers if a cyber-attack that caused the leak of 2.7 million people’s data leads to fraud.

While the information “isn’t sensitive enough to abuse,” any confirmed illegal account activity stemming from the incident will be covered by the bank, Istanbul-based HSBC Bank AS spokeswoman Defne Bali said in response to e-mailed questions. The stolen details include names, card and account numbers and the date they were last used.

Europe’s largest bank by market value is working with local regulators and police to investigate the incident, which was first disclosed on Nov. 12. The perpetrators aren’t yet known, a spokesman for the banking regulator said by phone yesterday.

Government officials and security specialists around the world have said more needs to be done to prevent cyber-crime in the global financial system and protect customers after a series of high-profile hackings. JPMorgan Chase & Co., the biggest U.S. bank, said last month 76 million households were affected by a data breach. EBay Inc. and Home Depot Inc. have also been attacked.

The Turkish unit of HSBC made a profit of 10.6 million liras ($4.7 million) in the third quarter, it announced yesterday in a public filing. That compares with a profit of 10.3 million liras a year earlier, and follows a loss in the second quarter.