ICICI Bank, an Indian bank with a vast presence in over 15 countries, was recently a victim of a data breach, which leaked the information of more than 3.8 million customers or 38 lakh customers. The banking giant has since denied this news, claiming that the available information on the web is false and does not belong to its customers. However, the multinational bank is investigating the incident, and it may take at least 48 hours to offer confirmed details.
Sources report that the hackers accessed the information by exploiting a misconfigured cloud data bucket that had critical information stored on it. This includes bank account transactions, credit card numbers, bank statements, full names, DOBs, home addresses, contact details, email addresses, PII documents, employee CVs, passport numbers, driving license details, and PAN details. It is believed that the fraudulent access took place from February 1st of this year, and Know-Your-Customer (KYC) data was also compromised in the incident. The ICICI Bank data leak seems to be critical as it can expose customers and staff to spear-phishing attacks.
At one point in time, around 15-18 years back, ICICI Bank brought a revolution to the Indian banking sector by introducing online banking services. This made the banking customers in the Indian subcontinent compare the services to the government-run banks, which were later forced to introduce similar services that were never on par with the then services of ICICI Bank. Gradually, things improved, and since 2016, all government banks started matching the online and phone banking services of ICICI Bank, after which it was forced to abide by the rules of RBI for various reasons.
In conclusion, the data breach experienced by ICICI Bank has exposed a number of its customers to potential security risks. The bank has denied the breach, and it is still investigating the incident to confirm the details on the customer info leak. It is believed that the data was accessed by exploiting a misconfigured cloud data bucket, and the hackers managed to gain access to a variety of personal information such as bank statements, email addresses, and passport numbers. The incident has shed light on the importance of proper security measures to protect customer data, and it serves as a reminder of how vulnerable online systems can be to malicious actors.