Punjab National Bank (PNB) is already going through a tough phase and the troubles seem to only grow for bank as the lender has been hit by a serious data breach affecting thousands of its customers.
PNB due to multi-crore rupee financial fraud by billionaire jeweler Nirav Modi is already under the scanner of the government. It has been reported that the data breach has affected some 10,000 credit and debit card holders. The sensitive data is leaked on the internet and is available for purchase for last three months through a website.
Until the bank was informed on Wednesday by CloudSek Information Security, a Singapore registered company the bank was not aware of the breach. The Singapore based company monitors data transactions.
Rahul Sasi, Chief Technical Officer of the company said that a crawler has been deployed by them in the dark/deep web. These sites on the internet are not indexed by Google or any other major search engine. These are used to buy and sell sensitive data illegally.
He further added that the crawler deployed by them fetch this kind of data and sends it to Machine learning software created by them. If any suspicious activity is detected by it which is of interest to their clients then an immediate action is taken.
The data which is leaked includes names, expiry dates, personal identification number and card verification value of victim. Two sets of data mainly got released - some without CVV numbers and some with.
It was stated in the report that last date stamp on data was 29 January which suggests that the leaked data was still in use for many customers.
Rahul Sasi further added that they tried to contact PNB after they become aware of data breach but could not contact as PNB was not a client of CloudSek. However, a government agency eventually informed PNB of their data breach. TD Virwani, Chief Security officer of the PNB has said that they are working with the authority to further investigate the data leak.
The fact is still unknown that whether the breach has occurred due to an infected device or whether there was an involvement of a third party. However, as per an investigator the bank’s security was probably compromised since a large amount of data originated from a single source.
Follow MyAdvo for daily legal news and top legal updates.