According to the cyber-security firm – CyberX9, a malicious attacker could easily control and access financial transactions, data on various loans and deals, and accounts of all the customers
Exposing personal and financial data of over 180 million bank customers, vulnerability was found in Punjab National Bank’s (PNB) internal server, which allegedly could let hackers get access to the highest level of admin privilege, according to cyber-security firm CyberX9.
Himanshu Pathak, Managing Director of the cyber-security firm, told BusinessLine it also leaves access to confidential internal e-mails and logins of all strata of employees across branches and systems, including the CMD, exposed.
He added that the data had been left exposed for nearly seven months, but his firm discovered the vulnerability on 17 November.
However, any exposure to important data was denied by PNB. The bank told PTI that it had tracked the vulnerability and no sensitive data was compromised. It also denied any customer’s data getting exposed.
“The server, wherein the vulnerability was reported, was being used as one of the multiple Exchange Hybrid servers used to route emails from On-prim to Office 365 Cloud. There is no sensitive/critical data in this server”, PNB said.
According to the cyber-security firm – CyberX9, a malicious attacker could easily control and access financial transactions, data on various loans and deals, and accounts of all the customers.
“The vulnerability was found in an exchange server, to which all other systems and networks are attached. Through this, the hacker can get access to master admin login. Initially PNB denied the glitch. On November 19, we had filed a complaint with CERT-In and NCIIPC, post that they said that they have closed down the server”, Pathak said.
Meanwhile, the cyber-security firm – CyberX9 in its blog post asked for a thorough security audit of the bank’s systems.
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics.