One of the most trusted banks, ICICI Bank has failed to secure millions of records involving data related to the following individuals.
- Sensitive Information,
- Financial Data, and
- Client Personal Documents.
Recent inquiries exposed the issues with bank systems’ misconfiguration allowing banks’ data breaches. ICICI Bank (Multinational Indian Bank), valued at $76 billion, has 5,000+ branches in India and franchises in 15 countries.
Indian government started harboring ICICI Banks’ assets as a critical information infrastructure in 2022, making it essential for government employees to secure it with utmost care. Even though the data of the national bank is in a critical situation, the security of confidential information isn’t guaranteed.
Bank and Client Critical Data Breached
On 1 Feb, 2023, Through resources, we found out about misconfigured & publicly available cloud storage at Digital Ocean Bucket with 3.6 million+ ICICI Bank docs. Files were disclosing confidential data related to
- The Bank Account Details,
- Bank Statements,
- Credit Card Numbers.
- Full Names,
- Dates of Birth,
- Home Addresses,
- Phone Numbers,
- Personal Identification Docs, and
- Employees & Interviewee’s CVs.
As you know, in most cases, adversaries’ potential targets are financial services, organizations might have confronted a serious situation, and due to that, client data also got in danger. What if the data got into the wrong hands, and which can be used with ill intention?
Moreover, the bucket also had information as follows.
- Clients’ Passports,
- IDs, & Indian PANs (Indian Taxpayer Identity Numbers),
- Know-your-customer (KYC) forms & bank statements, and
- CVs of existing employees and job candidates.
On 30 Mar 2023, ICICI Bank’s Digital Ocean Bucket’s access was totally blocked. Moreover, the report shows issues were resolved once the Bank and CERT-IN were informed about the leak.
Estimated Severity of ICICI Leak
According to Resources,
“The impact of the discovered ICICI leak is estimated to be severe, as the volume of personal data leakage is significant.” “Such sensitive information could undermine ICICI Bank’s reputation and may uncover details of the bank’s internal processes as well as jeopardize the safety and security of its clients, employees, and their data.”
Resources have a suspicion over adversaries that could misuse the data to commit crimes such as fraud and identity theft. It’s also possible that the breached data can help the adversary to open accounts with unauthorized access.
Whoever’s data has been compromised could become a victim of phishing attacks with ease. That’s because the data compromised in the attack involves.
- Credit Card Details, and
- Bank Account Numbers & Logins to Online Banking Platforms.
Most cases involve bank services getting in trouble because of phishing attacks. Thus, one must ensure the safety of their cloud storage buckets. By informing its users of data breaches, ICICI Bank reduced the chances of risk and potential damage. Moreover, several users tweeted that they had received a password reset request email from ICICI Bank.
Impacted clients should change their passwords and use unique & strong passcodes so that breaking into their accounts won’t be possible for the attacker with ease. The attacks were well synchronized, and passwords were easily guessable.
Users must learn about how to identify and avoid fake emails, websites, and phone calls. Moreover, they should be ever ready to report any suspicious activity to the banks with immediate effect. This will reduce the chances of cyber attacks.
For more amazing facts & information like this, you can follow us on News4Hackers. Leave a comment if you have any queries.
Kindly read another articles: