Punjab National Bank (PNB), which was under stress over $1.77 billion Nirav Modi’s fraud, has reported a massive data breach.
Sensitive information of as many as 10,000 debit and credit cards, which includes names, expiry dates, personal identification numbers and card verification values, has been available for purchase (at $4.90 per card) on a website for at least three months.
Singapore-based company CloudSek Information Security, that monitors data transactions, informed the bank about the data breach, said Asia Times report.
The report added that PNB was not aware of the data breach until it was tipped off on Wednesday by the security company.
Post the breach, relevant agencies have been alerted and they are trying to establish the extent of the problem. So far, they have discovered sensitive information from as many as 10,000 credit cards issued by the bank.
Also read: Data leaks rise in startups: What are users’ right and future of cybersecurity?
Investigators believe that the bank’s security could have been compromised or the data could have been from a third party. Payment gateways also had access to the data.
Explaining the detection of the data breach, CloudSek’s chief technical officer Rahul Sasi said, “We have a crawler that is deployed in the dark/deep web. These are sites on the Internet which are not indexed by Google or other major search engines. They are used to buy and sell sensitive data illegally.
He added that the crawler detects any such data and sends it to a Machine Learning software. “If this detects anything that is suspicious, and of interest to our clients, we immediately take action.”
Also read: Reliance Jio users data leaked on Magicapk
Last year, India’s banking system witnessed the biggest data breach ever, when 32 lakh debit cards were compromised across the banks. The breach was detected after few banks raised an alarm over the fraudulent use of their customers’ cards in China and the US, while these customers were in India.
