
Did ICICI Bank Suffer a Data Leak?

Cyber news, which researches and reports on vulnerabilities and data breaches, posted a report on 21 April 2023 stating that the cloud storage (Digital Ocean bucket) of ICICI Bank was left exposed to the public due to a misconfiguration. If true, over 36 lakhs of client information could have been leaked, which may include KYC documents (like PAN cards, IDs, passports), bank account details, credit card details, and client addresses with their contact details. It is unclear whether the storage was accessed by malicious actors.

ICICI Bank firmly denies any instance of a data leak and reports that all clients’ information is kept secure. Only a KYC form of a customer and the passport of an ICICI Bank employee have been provided in the Cyber news report, and there is no proof of any bank account or credit card data leak yet.

Banks are attractive targets for malicious attackers and are targeted very frequently. Earlier this year on 6 March, an unknown hacker posted a data leak of HDB Financial Services (an HDFC subsidiary) including clients’ names, dates of birth, addresses, marital status, loan details and applications, credit scores, transaction history, contact numbers, and email IDs. HDB Financial Services provides various kinds of loans to its customers. Over 6 lakh clients and 7.5 GB of data were leaked. The leaked data was posted on a hacker forum and did not contain any data from HDFC Bank.

Similarly, on March 20 of this year, police arrested seven people involved in the sale of sensitive data including that of the State Bank of India, Bank of Baroda, Axis Bank, and PhonePe. The information of crores of people was being illegally sold. The data included that of government employees as well. The source of the data leak is unclear and it is suspected that it was leaked by insiders. Companies outsource some of their work to other companies, including call centers, which have sometimes been reported to steal information.

As a safety precaution, we recommend updating any login or net banking credentials with strong passwords, frequently changing transaction PINs, enabling multi-factor authentication, setting suitable transaction limits and ATM withdrawal limits, and being vigilant against any phishing attempt.
