Nifty99000 100%

Sensex99000 100%

Article rating: No rating
Article rating: No rating
Article rating: No rating
Article rating: 3.5
Article rating: 5.0
Article rating: No rating
Article rating: 4.7
Article rating: No rating
Article rating: No rating
Article rating: 5.0
Article rating: No rating
Article rating: No rating
Article rating: No rating
Article rating: No rating
Article rating: No rating
Article rating: 5.0


PNB should fix data breach: CloudSek

Author: IANS/Friday, February 23, 2018/Categories: Banking & Financial Services

PNB should fix data breach: CloudSek

New Delhi, Feb 23 - A day after reports surfaced that nearly 10,000 credit or debit card holders of Punjab National Bank (PNB) were affected by a data breach, the cyber security firm that detected the breach on Friday said it is now the responsibility of the bank to validate and take necessary actions.

CloudSek Information Security, a company registered in Singapore that also has its office in Bengaluru, gave a detailed account of how they spotted the data breach and its communication with PNB.

"On 20th Feb, we identified a listing that claimed to have multiple cards that belonged to PNB that were put up for sale on a DarkWeb site. We immediately tried reaching out to PNB using the cybercrime contact emails that were listed on their website. But that email bounced," CloudSek Chief Technical Officer Rahul Sasi said in a statement. 

"On 21st, Feb, 8.10 PM we were able to reach to PNB officials via a third party source. The PNB officials were quick to respond as we got a call back the same day 10.00 PM from PNB security officials. We provided them a detailed report about the leaked data," he added.

"On 22nd, Feb, 1.10 we provided them with a more detailed report. And the officials ensured swift action," Sasi further said.

The data available for sale includes names, expiry dates, Personal Identification Numbers and Card Verification Values.

A report in Hong Kong-based English language news website Asia Times, however, claimed on Thursday that PNB's Chief Information Security Officer T.D. Virwani has confirmed that the bank was working with the government to contain the fallout from the data breach. 

According to Sasi, at this stage, CloudSEK has no method to ensure if a listed data is authentic or not. 

"Nor we do not put any effort to validate that data. It is the responsibility of the bank to validate and take necessary actions," he noted. 

Dark Web is an unexplored portion of the Internet which is not generally found on Google searches. 

The Dark Web hosts many underground services such as Hacking as a Service, insider information for sale, sensitive account information like Bank credentials and much more.

"Many a time, credit card sellers try to dupe their customers by sandwiching a few valid credit card data between hundreds of fake data," Sasi said.

CloudSEK said no other bank has been affected in this data breach.

"We at CloudSEK maintain a unique hash related to the different data leaks for the past 2 years, and this hash helps us identify old/invalid leaks. This is how we have come to the conclusion that only one bank had unresolved leaks that are yet to be fixed," Sasi stressed.

PNB is already reeling under a multi-crore-rupee financial fraud by two fugitive luxury jewellers.

Print Rate this article:
No rating

Number of views (184)/Comments (0)

rajyashree guha


Other posts by IANS
Contact author

Leave a comment

Add comment



Ask the Finapolis.

I'm not a robot
Dharmendra Satpathy
Col. Sanjeev Govila (retd)
Hum Fauji Investments
The Finapolis' expert answers your queries on investments, taxation and personal finance. Want advice? Submit your Question above
Want to Invest



The technical studies / analysis discussed here can be at odds with our fundamental views / analysis. The information and views presented in this report are prepared by Karvy Consultants Limited. The information contained herein is based on our analysis and upon sources that we consider reliable. We, however, do not vouch for the accuracy or the completeness thereof. This material is for personal information and we are not responsible for any loss incurred based upon it. The investments discussed or recommended in this report may not be suitable for all investors. Investors must make their own investment decisions based on their specific investment objectives and financial position and using such independent advice, as they believe necessary. While acting upon any information or analysis mentioned in this report, investors may please note that neither Karvy nor Karvy Consultants nor any person connected with any associate companies of Karvy accepts any liability arising from the use of this information and views mentioned in this document. The author, directors and other employees of Karvy and its affiliates may hold long or short positions in the above mentioned companies from time to time. Every employee of Karvy and its associate companies is required to disclose his/her individual stock holdings and details of trades, if any, that they undertake. The team rendering corporate analysis and investment recommendations are restricted in purchasing/selling of shares or other securities till such a time this recommendation has either been displayed or has been forwarded to clients of Karvy. All employees are further restricted to place orders only through Karvy Consultants Ltd. This report is intended for a restricted audience and we are not soliciting any action based on it. Neither the information nor any opinion expressed herein constitutes an offer or an invitation to make an offer, to buy or sell any securities, or any options, futures or other derivatives related to such securities.

Subscribe For Free

Get the e-paper free