ICICI Bank, an Indian bank with a business presence in over 15 countries, has become a victim of a data breach, leaking information of more than 3.8 million customers or 38 lakh customers. The banking giant says that the news of the data breach is false, as its preliminary inquiries have revealed that the available information on the web is fake and doesn’t belong to its customers.
However, the multinational Indian bank is still investigating the incident and may take at least 48 hours to offer confirmed details on the customer info leak.
According to sources reporting to Cybersecurity Insiders, the hackers accessed the information by exploiting a misconfigured cloud data bucket that had critical information stored on it. The information that was accessed via misconfigured servers of the Digital Ocean bucket includes bank account transaction details, credit card numbers, bank statements, full names, DOBs, home addresses, contact details, email addresses, PII docs, and employee CVs.
Passport numbers, driving license details, and PAN details belonging to some of the customers were also accessed by hackers on a fraudulent note.
Unconfirmed sources state that the fraudulent access took place from February 1st of this year, and Know-Your-Customer (KYC) data was also compromised in the incident. As soon as the Indian CERT team alerted the bank staff, they blocked the hackers’ access immediately and took appropriate measures to avoid such blunders in the future.
The ICICI Bank data leak seems to be critical as it can expose customers and staff to spear-phishing attacks.
NOTE: At one point in time, around 15-18 years back, ICICI Bank brought a revolution to the Indian banking sector by introducing online banking services. This made the banking customers in the Indian subcontinent compare the services to the government-run banks, which were later forced to introduce similar services that were never on par with the then services of ICICI Bank. Gradually, things improved, and since 2016, all government banks started matching the online and phone banking services of ICICI Bank, after which it was forced to abide by the rules of RBI for various reasons.
