A massive data breach has allegedly compromised the personal and financial information of over 13 million Indian bank customers. A threat actor has claimed responsibility for the hack and is offering the stolen data for sale to a single buyer for $10,000. The revelation has raised significant concerns about the state of data security in India’s banking sector.
Details of the Alleged Data Leak
The compromised data reportedly includes:
- Full names of account holders
- Bank account numbers
- IFSC codes
- Registered mobile numbers
- Email addresses
The hacker has shared a sample of 6,000 records as proof, and the full dataset is said to be 11.2 GB in size, formatted as CSV. The threat actor insists that the data will only be sold to one buyer, offering escrow services to ensure a secure transaction.
Banks Allegedly Affected by the Breach
The breach allegedly affects customer databases from several prominent Indian banks, including:
- State Bank of India (SBI)
- HDFC Bank
- ICICI Bank
- Kotak Mahindra Bank
- Other private and public sector banks
Though the exact method of the attack remains unknown, experts speculate that the attackers may have exploited a vulnerability in third-party banking APIs or KYC data aggregators.
Potential Risks and Consequences
If the breach is confirmed, cybersecurity experts warn of severe implications, including:
- Financial Fraud: The exposure of account numbers and phone numbers could lead to targeted phishing or vishing attacks.
- Identity Theft: With email, phone, and banking details available, attackers could carry out impersonation and KYC fraud on a large scale.
- Reputational Damage: If major banks are confirmed as victims, the breach could seriously damage consumer trust and complicate regulatory compliance for the fintech sector.
Experts describe this breach as a “bombshell,” noting the high level of sophistication involved, especially with the use of escrow services in the transaction.
Authorities Remain Silent on the Breach
As of now, there has been no official response from Indian authorities, including CERT-In or the Reserve Bank of India (RBI). The banks affected by the breach have not confirmed or denied the claims.
Dark Web Trends and Growing Concerns
This breach highlights a concerning trend on the dark web, where threat actors increasingly trade sensitive data like a commodity. Threat actors have become more business-like, offering samples, using escrow services, and negotiating exclusive deals with buyers. With the rise of digital banking and fintech, banking data has become a prime target for cybercriminals, fueling fears of more widespread breaches.
The full extent of the breach remains unclear, but cybersecurity experts are closely monitoring developments as further details emerge.