Data breach has taken place in India’s third-largest bank. A report suggests that card details of around 1000 customers were hacked in the government-owned Punjab National Bank.
The bank is already affected by 11400-crore financial fraud by luxury jewelers. The information came out late as did the previous scam that happened last week.
The information leaked online includes credit and debit card details. These are names, CVV number, expiry date, personal identification numbers and card verification values of around 10000 account holders. It was found that the information leak continued to take place from last three months.
Singapore based information security company, CloudSek found the breach. It has its office in Bangalore. The company manages digital transactions and keeps a close eye on un-indexed Google search engine items.
In a statement to the media, Chief Technical Officer Rahul Sasi said,“We have a crawler that is deployed in the dark/deep web. These are sites on the internet which are not indexed by Google or other major search engines. They are used to buy and sell sensitive data illegally,”
“Our crawler detects any such data and sends it to a machine learning software that we have created. If this detects anything that is suspicious, and of interest to our clients, we immediately take action.
The entire details are not released to the company by the PNB. Cloudsek is not a customer at its bank so they have asked a government agency to provide the details.
They sold the data for Rs. 320 per card. The data leak questions the operational risk management deployed by the bank.
Chief Information Security officer, PNB, TD Virwani said that the bank is working with the government to contain data fallout of the release on un-indexed sites.