In a viral claim of data theft of HDFC bank users, cybercriminals on a popular hacker forum wrote
That they have obtained personal information of around 6,00,000 customers purportedly belonging to the India-based bank. Now, HDFC has categorically denied any data leak or breach of their systems.
“We wish to state that there is no data leak at HDFC Bank and our systems have not been breached or accessed in any unauthorised manner. We remain confident of our systems,” HDFC replied to the data leak claims on Twitter. The bank further added that they treat the matter of customers data security with utmost seriousness, “we continue to monitor bank systems and our ecosystems to ensure highest standards of data security and safety”.
The data theft claim reported by various media agencies allegedly said hacker with the alias ‘Kernelware’ posted 7.5 GB of extremely sensitive information on client accounts to the hacker forum ‘Breached.vc’.
“Personal information of around 600,000 customers of the India-based HDFC Bank has allegedly been leaked by hackers on a popular cybercriminal forum,” Privacy Affairs reported sharing screengrab of the alleged hacker forum.
The leak contains many things such as full names (with middle name included), date of births, age, phone numbers, personal emails, permanent emails, work emails, marriage status, gender, residence address lines, permanent address lines, zip codes, city, state, employment information, application information, loan information, transaction methods, processing fees, bank names and branches, credits scores, Experian scores, dealer names, transaction logs, transaction remarks, margin money logs, general asset logs (cost, model, etc…). LOS IDS (LOS is a transaction software that the bank uses), loyalty card numbers, employee codes, and other miscellaneous things, the post read, adding that the oldest logs are from May 2022 with the most recent ones being added as early as February 2023.
Though HDFC bank says there is no unauthorised access to their systems, its NBFC arm HDB Financial services has confirmed, Mint reported, that there was an incident at “one of our service providers who processes some of our customer information.”
HDB Financial stated, “We have taken immediate steps to secure the service provider’s system to prevent any further unauthorized access. In addition, we are conducting a thorough review of the security measures adopted by the service provider to prevent similar incidents from happening in the future.”
“We have also notified the regulator and CERT-IN and we are working with them to investigate this incident to the fullest,” it added.