ICICI Bank Data Leak? Know The Truth Behind The Exposed Credit Card Data Of 35 Lakh Customers

NEW DELHI: ICICI Bank, one of India’s leading private sector banks, has reportedly denied news of a data breach that allegedly exposed the personal information of its 35 lakh users.

As per media reports, in a statement released on Thursday, the bank dismissed the reports as baseless and accused Cybernews, the media outlet that published the story, of malicious intent.

ALSO READ: MeitY Declares ICICI Bank As Protected System, Any Unauthorised Access Attempt Will Be Act Of Cyber Terrorism

Cybernews had claimed that the bank’s systems were being mismanaged, resulting in user data being stored in the cloud and accessible to anyone.

The research team also alleged that sensitive data, including customers’ names, birth dates, home addresses, email IDs, bank account details, credit card numbers, passport and PAN card details, bank statements, and KYC documents were all accessible to anyone.

The leaked data also included resumes of some current and past employees of the bank as well as job applicants.

ALSO READ: Report Data Breach & Cyber Incidents Within 6 Hours: CERT-In New Directives To Firms & Government Agencies

ICICI Bank, however, has categorically denied these reports and said that their data security systems were robust and secure.

The bank also pointed out that it adheres to strict data protection and privacy laws and takes every possible measure to safeguard the personal information of its customers.

Cybernews in its news report mentioned that on February 1st, sensitive data belonging to ICICI Bank and its clients was found to be exposed on a Digital Ocean bucket that was misconfigured and publicly accessible.

The Cybernews research team made this discovery and claims they promptly informed the bank and the Indian Computer Emergency Response Team (CERT-IN). The issue was subsequently resolved.

According to Cybernews researchers, access to the Digital Ocean bucket owned by ICICI Bank was completely restricted as of March 30th.

ALSO READ: Step By Step Guide: How To File Cybercrime Complaints Online In India

ICICI Bank assures customers of data safety and warns of legal action

ICICI Bank has advised its customers to ignore the reports of data breaches and has assured them that their data is safe and secure with the bank.

In a message to its customers, the bank said, “ICICI Bank would like to assure all its customers that their personal and financial information with the bank is fully safe and secure. We urge our customers not to be misled by such reports which are aimed at tarnishing the image of the bank.”

The bank has also warned that it will take legal action against any entity spreading false news about data breaches or trying to damage its reputation.

“ICICI Bank takes its reputation seriously and will not hesitate to take legal action against anyone who spreads false news about the bank,” the statement said.

It must be noted that On June 16, 2022, the Government of India released a gazette notification in which ICICI Bank was designated as a “Protected System” under the IT Act. This was a significant development for the bank as it ensures that the system is protected both technically and legally, given the criticality of the system and the risks associated with a security breach.

Under this new notification, anyone who gains access or attempts to gain access to a protected system in violation of the provisions outlined in this section may face imprisonment for up to ten years, as well as a fine. This emphasizes the severity of the consequences for attempting to breach the security of a protected system.

Follow The420.in on

 Telegram | Facebook | Twitter | LinkedIn | Instagram | YouTube