Some 10,000 credit or debit cardholders have been affected by a data breach reported by Punjab National Bank (PNB), which is already reeling under a multi-crore rupee financial fraud by two fugitive luxury jewellers.
According to an Asia Times report, security experts believe that the sensitive details of customers of the state-run bank were offered for sale through a website for at least three months.
The Hong Kong-based English language news website reported that the bank was tipped off on Wednesday night about the data breach by CloudSek Information Security, a company registered in Singapore that also has its office in Bengaluru. The firm monitors data transactions.
We have a crawler that is deployed in the dark/deep web. These are sites on the Internet which are not indexed by Google or other major search engines. They are used to buy and sell sensitive data illegally.Chief Technical Officer Rahul Sasi to The Asia Times
"Our crawler detects any such data and sends it to a Machine Learning software that we have created. If this detects anything that is suspicious, and of interest to our clients, we immediately take action."
PNB's Chief Information Security Officer TD Virwani has confirmed it was working with the government to contain the fallout from the release of the data.
The data available for sale includes names, expiry dates, Personal Identification Numbers and Card Verification Values.
Sasi said two sets of data were released: some with CVV numbers and some without. The last date stamp on the data is 29 January 2018, indicating that the details are still current for thousands of card customers.
Government and private investigators are still trying to fathom the cause of the breach, reported the Asia Times. However, an investigator told the news website that a compromise in the bank’s security is most likely since a large amount of data came from a single source.
(With inputs from IANS)
(The Quint, in association with BitGiving, has launched a crowdfunding campaign for an 8-month-old who was raped in Delhi on 28 January 2018. The baby girl, who we will refer to as 'Chhutki', was allegedly raped by her 28-year-old cousin when her parents were away. She has been discharged from AIIMS hospital after undergoing three surgeries, but needs more medical treatment in order to heal completely. Her parents hail from a low-income group and have stopped going to work so that they can take care of the baby. You can help cover Chhutki's medical expenses and secure her future. Every little bit counts. Click here to donate.)
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)