India’s largest bank, the State Bank of India (SBI), has suffered a data breach that left the data of millions of users exposed. The breach is said to have happened because, shockingly, the bank did not have a password on its server.
According to reports, the ‘SBI Quick’ server, which allows customers to message the bank for information regarding their accounts, has now been secured. However, while it was open, it held archives of messages dating back to December, according to a report in TechCrunch.
To be more specific, that means there were millions of messages regarding customers’ balance information, loan inquiries and financial transactions, among other data.
SBI’s data breach was first spotted by an unknown researcher and was verified by Karan Saini, who had found a leak in India’s Aadhaar database.
We should mention that there was no sensitive data on the server; however, some details like partial account numbers and contact information of the customers can make them vulnerable to demands for ransom. It is also worth pointing out that there is a possibility of a social engineering attack, which is a very common way to commit financial fraud. These attacks require human intervention to correlate a phone number to a bank account that has a high balance. Speaking about this, Saini told TechCrunch, “The data available could potentially be used to profile and target individuals that are known to have high account balances.”
One of the main reasons the scope of the problem is so vast in this case is that SBI is reported to have more than 500 million customers across the globe and 740 million accounts. Until now, the bank has not revealed any information about which customers’ data was exposed and who is vulnerable to such threats. However, it has been reported that even in a single day, the server sends out around 3 million messages. So the scope of the problem is indeed very vast.
It wouldn’t be wrong to say that the breach happened because of negligence on SBI’s part. We should mention that data breaches are constantly increasing in spite of the fact that companies are spending a lot on security. They happen for all sorts of reasons, such as an organizational failure, a process failure or, as in SBI’s case, employee negligence.