Earlier today, TechCrunch has reported that the government-owned State Bank of India (SBI), India’s largest bank and the number four company in the Fortune India 500, left a server unprotected, allowing anyone to access the financial information of millions of customers including partial bank account numbers, phone numbers, balances and recent transactions. The server stored two months of data from SBI Quick, a text message and call-based system used to request basic information about bank accounts by the bank’s customers. The exact number of users that had their data compromised is uncertain, however SBI boasts 500 million customers across the globe and 740 million accounts.
In 2016, massive indian bankls were reported being breached but SBI at that time assured they were safe.
State Bank of India says SBI's systems are absolutely secure and no security breach has happened
— Reuters Asia (@ReutersAsia) October 20, 2016
But not long enough:
In light of the recent news item, regarding an alleged data incident, please find below our statement: pic.twitter.com/mu4xn12QgL
— State Bank of India (@TheOfficialSBI) January 31, 2019
Experts Comments below:
Stephan Chenette, CTO and Co-founder at AttackIQ:
This kind of data leak—which is so easily preventable with even basic security practices—directly undermine customer confidence. Exposure of any type of user information is a major concern. All organizations trusted with sensitive consumer data must continuously assess the viability of their security controls to make sure that they are enabled, configured correctly and operating effectively. It shouldn’t take a massive breach such as this to make companies realize they need a more proactive approach to strengthen security.”
Oliver Muenchow, Security Consultant and Evangelist at Lucy Security: