Massive data breach at State Bank of India

Millions of clients have been affected by this incident

Network security and ethical hacking specialists from the International Institute of Cyber Security reported a new data leaking incident in a financial institution. According to reports, State Bank of India, the largest bank in the country, has leaked financial data of millions of its costumers due to an unprotected server.

Sensitive data was accessible for anyone due to this incident; the banking institution claims that the problem is currently solved. According to network security experts, the unprotected server was found by an anonymous security researcher at one of the bank’s data centers.

The server stores a database that allows bank’s customers to check their recent activities, balances and payment card details. Nonetheless, the bank omitted to implement a password for the server, thus anyone were able to access the exposed data, belonging to millions of State Bank of India customers.

Network security experts were able to confirm that the bank sent over 3 million messages through this server just in one day.

TechCrunch was able to confirm the bank sent out over three million text messages, through the server holding information, on one day alone.

“The data stored on this server could be used for targeting future spear phishing attack victims, as it contains several personal and financial details”, explained Karan Saini, network security expert.

Even though the inconvenient has been fixed by the State Bank of India team, it’s still unclear for how long the database was exposed. The bank ignores the exact number of affected consumers too.

On the other hand, Ilia Kolochenko, cybersecurity expert, explained: “India is becoming a growing market for cybercriminals. As organizations keep asking customers for their personal data, malicious hackers try to exploit security flaws to access such information. Due to its large demography, India could be considered as one of the biggest data banks to be abused”.  

 The expert added: “About this incident, it is possible that any large financial organization may face similar issues. Modern IT infrastructures are so complicated that virtually no one has the pertinent information security and monitoring process”.