In an age where data is a currency of its own, the security of financial information is paramount. However, India has witnessed several notorious data breaches within its banking sector, shaking customer trust and prompting serious concerns about data protection practices. Let’s explore four infamous data breaches in Indian banking history, examining their details and consequential aftermaths.
State Bank of India (SBI) Data Breach
In 2019, the State Bank of India (SBI) encountered a substantial data breach, exposing sensitive information from an alarming 422 million consumers. The breach stemmed from an unsecured server hosting data from SBI Quick, a text message and call-based service, leaving personal details vulnerable. Discovered by a security researcher and reported to TechCrunch, the breach revealed phone numbers, bank balances, and partial account numbers, raising concerns about potential fraud and identity theft.
SBI swiftly secured the database but faced scrutiny over its handling of the incident, highlighting the need for robust security measures and transparent communication. This breach underscores the critical importance of cybersecurity in safeguarding customer data and maintaining trust in financial institutions. Going forward, SBI must prioritize strengthening its security protocols and proactively rebuilding customer confidence in its commitment to protecting sensitive information.
Bank of Baroda (BoB) Data Leak
Despite initially refuting allegations, internal documents revealed malpractices, prompting the Reserve Bank of India (RBI) to ban BoB from onboarding new ‘bob World’ customers. The RBI cited supervisory concerns and mandated BoB to rectify deficiencies before resuming onboarding. BoB subsequently suspended over 50 employees involved in irregularities, emphasizing efforts to address concerns and restore customer trust under RBI supervision.
In 2021, Bank of Baroda (BoB), one of India’s largest public sector banks, found itself embroiled in a major data breach that exposed sensitive customer information. In September of that year, Bank of Baroda (BoB) launched the ‘bob World’ digital banking app, aiming to consolidate banking services under four pillars (save, invest, borrow, and shop). However, the initiative turned disastrous as bank staff resorted to unethical practices to inflate app downloads and sign-ups, including linking unrelated mobile numbers to customer accounts. This led to artificial success metrics and security risks for customers.
2019 Credit and Debit Card Data Breach
In October 2019, a staggering 1.3 million credit and debit card records found their way onto the dark web’s notorious marketplace, Joker’s Stash, raising alarms globally. Shockingly, over 98% of these compromised cards belonged to various Indian banks, fetching prices upwards of $100 per card. Group-IB, headquartered in Singapore, disclosed the breach, unveiling sensitive data, including card numbers, expiry dates, CVVs, and complete personal details like names, emails, and addresses.
Suspicions point to skimming devices installed on ATMs or Point of Sale (PoS) systems or the sophisticated Magecart attacks targeting e-commerce websites. The gravity of the breach escalated in February 2020 when an additional 460,000 cards surfaced on Joker’s Stash, each carrying personal identifiers and selling for $9. This breach stands as one of the largest in history, prompting ongoing investigations to uncover the full extent of the cybercrime.
Cyberattack on Union Bank of India
In July 2017, a notable cyberattack impacted one of India’s largest financial institutions, Union Bank of India. The incident began with an employee innocuously opening an email attachment, unaware that it contained a malicious code. This oversight granted hackers unauthorized entry into the bank’s systems, allowing them to extract sensitive data. Compounding the issue was a forged central bank email accompanying the attachment, which misled the employee into inadvertently aiding the breach.
The repercussions were severe: the hackers acquired Union Bank’s access codes for the Society for Worldwide Interbank Financial Telecommunication (SWIFT), a crucial system for international transactions. Utilizing these stolen codes, the perpetrators executed a sophisticated heist, transferring a substantial $170 million to a Union Bank account at Citigroup Inc. in New York.
Stay tuned for more updates on cybersecurity and financial data protection. Read more on Data Breaches
Discover more from Open Security Labs
Subscribe to get the latest posts sent to your email.
