More than 10,000 credit and debit card holders have been affected by a data breach reported by Punjab National Bank (PNB).
Cyber security experts believe that the card details of customers were offered for sale through a website for at least three month, as per Asia Times report. The data available for sale includes names, expiry dates, Personal Identification Numbers and Card Verification Values.
The news reported that the bank not aware of the breach until it was tipped off on Wednesday night by a data security company registered in Singapore that also has its office in Bengaluru. The firm monitors data transactions.
“We have a crawler that is deployed in the dark web. These are sites on the Internet which are not indexed by Google or other major search engines. They are used to buy and sell sensitive data illegally,” said chief technical officer Rahul Sasi. “Our crawler detects any such data and sends it to Machine Learning software. If this detects anything that is suspicious, and of interest to our clients, we immediately take action.”
According to the report, he was unable to contact PNB after detecting the breach as it is not a customer at the bank but eventually passed the details through a government agency. PNB’s Chief Cyber Security Officer T.D. Virwani has confirmed it was working with the government to contain the fallout from the release of the data.
Asia Times knows the website’s name but is withholding this information at the request of investigators.
The discovery will raise doubts about data security levels at the bank, which is already under pressure over a reported US$1.77 billion fraud involving fake letters of guarantee that were allegedly used by leading jeweler Nirav Modi to raise funds from banks, two PNB employees supposedly colluded with Modi in the scam.