State Bank of India (SBI), the government-owned banking network in India, is the latest victim of a massive data breach which exposed millions of customers’ financial information.
According to online publisher TechCrunch, an unprotected SBI server allowed potential attackers to view the data of millions of SBI account holders. It’s believed that the back-end text message system of SBI’s mobile banking services exposed customers’ phone numbers, partial account numbers, balance details, recent transactions, and other sensitive information.
It’s unclear how long the insecure database, which stores data from SBI’s Quick, YONO app, and other cell-based banking services, exposed customers’ data online. Millions of customers use SBI’s Quick and YONO services to retrieve their account information.
“The passwordless database allowed us to see all of the text messages going to customers in real time, including their phone numbers, bank balances, and recent transactions. The database also contained the customer’s partial bank account number. Some would say when a check had been cashed, and many of the bank’s sent messages included a link to download SBI’s YONO app for internet banking,” a media statement read.
Recently, the Reserve Bank of India (RBI) imposed a fine of 10 million rupees ($1.4 million) on Indian Bank, a public-sector bank based in the Indian state of Tamil Nadu, for violating cybersecurity norms. The central bank stated that the monetary penalty was imposed by an order dated November 30, 2018, for flouting the Circular on Cyber Security Framework in banks.
In order to advance the preparedness of Indian banks against cyber-attacks, the RBI is working on enhancing cybersecurity mechanisms. The central bank announced an enhanced security mechanism as part of its agenda for the fiscal year 2018-19 to provide high-level protection against cybersecurity threats.