Sensitive information about 12,000 SBI employees leaked onto Telegram channels
The data of over 12,000
State Bank of India (SBI) personnel was leaked on Telegram channels during a
massive data breach. Personal information about the employees, including their
SBI passbooks, names, addresses, contact numbers, and PAN numbers, was
compromised.
Read also this: Martin Wolf predicts that India can be a hotspot for FDI
On Friday, July 8, a
Telegram channel with the handle @sbi_data uploaded a file containing the
confidential information of over 12,000 employees of the State Bank of India
(SBI). The record consisted of the employees’ names, addresses, contact
numbers, PAN numbers, account numbers, and photo IDs.
The file was titled
“SBI Employee Data Dump.” At the time of the leak, the channel had
only 608 subscribers, but the file was rapidly circulated on other channels on
Telegram and social media.
More than 12,000 SBI
workers had their personal information exposed, and the same threat actor that
did so claimed to have access to millions of customers’ financial data as well.
The threat actor also claimed to have made the hacked information public on
breach forums.
Additionally, they have
posted screenshots of SBI account balances and recent transactions on a breach
forum accessible to the public. The photographs demonstrate that the threat
actor has access to a vast array of financial data, including account numbers,
PINs, and transaction history. The compromised data were also offered for sale
on dark web marketplaces.
According to cybersecurity
expert Saumay Srivastava, threat actors attack an infrastructure either by
exploiting any active/passive vulnerabilities or by using RaaS – Ransomware as
a service, to attack any active infra. Srivastava discovered the massive SBI
leak through his consistent monitoring of the dark web.
Furthermore, he noted
that banks’ privacy and reputations are seriously damaged by the leakage of
sensitive client and employee information, which is an area that is
aggressively targeted by cybercriminals.
Data is routinely mistakenly exposed on
indexable platforms, which threat actors have used in previous hacks of
high-profile institutions. Threat actors gain
access to bank accounts, conduct transactions, and use credit cards
fraudulently with this information, he stressed; due to misconfiguration and
weak policies, these files are easily accessible via advanced search operators
or dorks.
When data is left
unencrypted, it is vulnerable to manipulation by threat actors or hackers,
which can have serious consequences for the affected financial institutions. He
suggested using full encryption for all information stored and transmitted via
online banking or the Internet.
Even if the data is
stolen, this will prevent the attackers from succeeding in their mission. If
necessary for testing, sensitive information including a client’s bank account
number, name, and address must be disguised. Banks should actively seek out
threat intelligence reports of the banking sector to understand major TTPs (Tactic,
techniques, and procedures) of the latest threats/vulnerabilities and reduce
appropriately predicting potential risks to their infrastructure, he said.
The number of data
breaches and leaks in India has skyrocketed in recent years. The number of data
breaches in India rose to over 1,250 in 2022 from 550 the year before,
according to research by the CyberPeace Foundation.
In recent years, the
widely used messaging programme Telegram has become a haven for both illegal
and lawful forms of online communication.
There have been several
high-profile examples in recent years when criminals have used Telegram.
TechCrunch reported in January 2019 that SBI has leaked customers’ financial
data due to an insecure server. Partial account numbers, balances, transaction
details, and other personal information were among the exposed files.
OTT India updates you with the latest news, Country’s no.1 digital news platform OTT India, Keeps you updated with national, and international news from all around the world. For more such updates, download the OTT India app on your Android and IOS device
.