10,000 PNB customers affected by data breach
According to media reports, a data breach in the Punjab National Bank (PNB) has affected around 10,000 credit or debit cardholders. It is believed that personal information like names, card expiry dates, Personal Identification Numbers (PIN), and Card Verification Values (CVV) of customers of the state-run bank were up for sale on the internet for at least three months.
PNB working with government to solve the issue
The breach was first noticed by CloudSek Information Security, a Singapore- and Bengaluru-based firm that monitors data transactions, after which it tipped off PNB about the issue. Further, PNB's Chief Information Security Officer TD Virwani has also confirmed that the bank is in the process of working with government security agencies to see how much data has been released and do subsequent damage control.
PNB is already grappling with the Nirav Modi case
Notably, PNB is already in the limelight for a multi-crore financial fraud by diamond trader Nirav Modi. The luxury jeweler embezzled Rs 11,400 crore with the help of PNB employees by obtaining fake LoUs from the bank. The investigation for the same is underway.
This is how the data breach was discovered
"We have a crawler that is deployed in the dark/deep web. These are sites which are not indexed by Google or other major search engines. They are used to buy and sell sensitive data illegally," CloudSek Information said. "Our crawler detects any such data and sends it to a machine learning software. If it detects anything suspicious we immediately take action," it added.
The breached personal information is still current
The last date stamp on the data that was released online is January 29, 2018. This means that any personal information of PNB card holders that has been bought or sold is still current, making the breach high-risk in nature.
