data breach – IFSCCodeof.in

No breach of systems and pilferage of any personal data: PNB

November 22, 2021 root Banking & Finance

[ad_1]

Read More/Less

Following several reports of vulnerability found in Punjab National Bank’s internal server, exposing personal and financial information of customers, the bank on Monday denied any breach of system and possibility of data exposure. The bank has deployed data leak prevention solutions that stops any unauthorized data to be sent through emails, it said.

“We have thoroughly checked our ICT systems those on Internet facing and operating in the background at PNB. There has been no breach of systems and pilferage of any personal data of any of our customers and account holders of PNB,” the bank said in a statement.

It added, “It is an established fact that hackers regularly attempt to penetrate every and all Internet facing systems anywhere in the world. PNB has implemented stringent security controls in all our ICT systems. The reported attempt of perpetrator was monitored and checked. All our critical ICT systems dealing with banking transactions are kept in secure zone, called DM zone with multiple layers of protection.”

CyberX9 report

The alleged vulnerability came into light, when cyber security firm CyberX9 published a blog post saying that apart from its 180 million customers, the glitch leaves access to confidential internal emails and logins of all strata of employees across branches and systems, including the CMD exposed by letting the hackers get the highest level of admin privilege in the affected server. It claimed that the vulnerability existed for at least seven months.

To this, PNB said that it had deployed a leak prevention solution controlling unauthorised data being sent over emails. Earlier, in a statement to PTI, the bank had said that the glitch was found and fixed; and no data was compromised.

“The said zone does not permit unauthorised access to any one, including internal staff. The ICT systems are monitored round the clock by competent staff at security operation centre. The data at rest and transit are encrypted using proprietary algorithms,” it said in its latest statement.

The bank is certified with International ISO 27001 best information security practices, validated minimum every year and as and when significant upgradation to the ICT systems is undertaken. These standards and best practices are also adopted in India.

“Our customers are very valuable to us. We assure our all customers that PNB, your bank, will strive hard to keep your personal data highly confidential meeting to best possible standards. Towards this, PNB will always be at the forefront to implement best available resources to implement the best security controls to secure the Information of our all customers,” PNB said.

[ad_2]

CLICK HERE TO APPLY

Leave a comment CyberX9 report, data breach, pnb, punjab national bank

Check Point, BFSI News, ET BFSI

October 27, 2021 root Personal Finance

[ad_1]

Read More/Less

New Delhi, Data breaches and cyber attacks are expected to grow to large scale with the adoption of digitisation by both businesses as well as consumers, Israel-based cyber security firm Check Point said on Tuesday. The company expects cyber groups will continue to leverage fake news campaigns to execute various phishing attacks and scams.

“Going into 2022 we will see an increase in data breaches that will be on a larger scale. These breaches will also have the potential to cost organizations and governments more to recover. In May 2021, the US insurance giant paid USD 40 million in ransom to hackers. This was a record, and we can expect ransom demanded by attackers to increase in 2022,” Check Point said in its prediction report.

“We can expect ransom demand by attackers to increase in 2022. Going into 2022 we will see an increase in data breaches that will be larger scale. These breaches will also have the potential to cost organizations and governments more to recover,” the report said.

It said that mobile malware attacks are expected to increase with increase in use of mobile wallets and mobile payment platforms.

“The sophistication and scale of cyber-attacks will continue to break records and we can expect a huge increase in the number of ransomware and mobile attacks,” Maya Horowitz, VP Research, Check Point Software.

[ad_2]

CLICK HERE TO APPLY

Leave a comment check point, check point software, data breach, maya horowitz, vp research

IPO-bound unicorn MobiKwik under RBI scanner for data breach

October 24, 2021 root Banking & Finance

[ad_1]

Read More/Less

The alleged data breach of 3.5 million users at IPO-bound fintech unicorn MobiKwik is under RBI’s scanner.

The company has submitted a forensic audit report detailing the data breach, the RBI said in response to a right to information (RTI) petition filed recently. The petitioner sought to know the status and understand the procedure of the investigation.

Srinivas Kodali, independent researcher and privacy rights activist who had filed the RTI, told BusinessLine, “The RBI doesn’t care about informing individual customers. If there is a fraud happening due to data breach, the RBI ensures that the banks and payment processors refund that money under a certain limit. They think they are not obligated to inform individuals whose data was affected due to these breaches. And since there are no strict laws, MobiKwik got away without informing customers. MobiKwik also didn’t submit their report to the RBI, until the regulator reached out to them. There has been no independent investigation so far due to lack of data protection laws.”

Digital forensic audit

While the company did not respond to queries from BusinessLine, MobiKwik’s draft red herring prospectus (DRHP) filed in July 2021 mentioned, “We engaged an independent digital forensic audit expert to conduct an audit relating to these allegations. The forensic audit expert subsequently reported that based on the analysis of logs/ data provided to them, there was no unauthorised access from outside of our Company’s infrastructure or internally to the database server wherein customer data is stored, during the review period. The report, however, states certain limitations to the processes undertaken.”

Search engine created

The data leak was first reported by internet security researcher Rajshekhar Rajaharia in late February 2021, wherein 3.5 million individuals KYC documents were exposed through 37 million files. Apart from that, 100 million phone numbers, email ids, passwords, geodata, bank account details and credit card data were leaked.

“The hacker had, in fact, created a search engine using their data, which had 10 crore credit card and debit cards data. Just by entering the phone number, one could get access to the entire transaction history of the user. The leaked data even included details of some of the senior government officials and IPS officers. It was out in public. If it was all false, MobiKwik would have filed a defamation case against me,” Rajaharia told BusinessLine.

In an interview with BusinessLine earlier this month, Upasana Taku, co-founder, chairperson and COO, MobiKwik said, “ Our public statement is very much out there on our social media profiles where we have denied any breach in the system and we had even appointed a forensic auditor to check it and they too didn’t find any breach.”

[ad_2]

CLICK HERE TO APPLY

Leave a comment data breach, IPO, Mobikwik, probe, RBI

More Indians trust banks with their personal data than US, UK and Australia: Report

July 12, 2021 root Banking & Finance

[ad_1]

Read More/Less

According to the survey data, 68 per cent Indians surveyed said that they trust their banks with personal data.

Data privacy has been questioned many times and it has been noted that many people have been reluctant to give out their personal details. In such times, it was found that more Indians trust their banks while handing out their personal data. The confidence among Indians with banks having their personal data is more than people in nations like the US, UK and Australia, said MoneyTransfers, taking in account data provided by YouGov. The survey was conducted across counties to establish which countries have the most and least trusted banking services.

According to the survey data, 68 per cent Indians surveyed said that they trust their banks with personal data. Similar response (68 per cent) was received from Germany too where people trusted banks. Both countries were placed on the third rank in comparison to other countries as “they believe banks and financial service providers are competent and ethical in their management of personal data.”

The trust factor was found to be higher than in countries like Australia and the US, UK where 57 per cent, 45 per cent and 59 per cent people, respectively, had faith in their banks when it comes to providing personal data.

It is to note that Poland was the top country where 85 per cent of the people have put their trust in banks and financial service providers with their personal data. This was followed by Indonesia, where 70 per cent of people were confident that banks and financial service providers can diligently handle their personal data. Other countries surveyed included China, France, Denmark, Italy, Spain, Sweden, Mexico, United Arab Emirates, Hong Kong and Singapore.

While conducting the survey, people were simply asked if they trust banks and financial service providers with their personal data. More than 2,250 individuals from each country were given the survey questions and asked about their trust in banking services.

Get live Stock Prices from BSE, NSE, US Market and latest NAV, portfolio of Mutual Funds, Check out latest IPO News, Best Performing IPOs, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Financial Express is now on Telegram. Click here to join our channel and stay updated with the latest Biz news and updates.

[ad_2]

CLICK HERE TO APPLY

Leave a comment australia, banking and financial services, banks, data breach, data privacy, Indians, personal data, UK, US, yougov

New Zealand central bank says its data system was breached, BFSI News, ET BFSI

January 11, 2021 root Banking & Finance

[ad_1]

Read More/Less

The Reserve Bank of New Zealand said on Sunday that it was responding with urgency to a breach of one of its data systems.

A third-party file-sharing service used by the central bank to share and store some sensitive information was illegally accessed, the bank said in a statement.

RBNZ Governor Adrian Orr said the breach had been contained but added it would take time to understand the full implications of this breach.

“The nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information,” Orr said in a statement.

In August, the operator of New Zealand’s stock exchange was hit by cyberattacks. InPhySec, an independent cybersecurity firm tasked with reviewing the cyber attacks, said the volume, sophistication and persistence of the attacks were unprecedented for New Zealand.

In a November 2019 Financial Stability report, the RBNZ warned that the frequency and severity of cybersecurity incidents were on the rise in New Zealand.

In February of last year, the bank said in a report that the expected cost of cyber incidents for the banking and insurance industry was between NZD80 million ($58 million) and NZD140 million per year.

“More extreme events have a low probability but are still plausible,” the bank said in that report.

[ad_2]

CLICK HERE TO APPLY

Leave a comment adrian orr, Bank data breach, central bank, data breach, Reserve Bank of New Zealand, Security hacker, vulnerabilities