State Bank of India (SBI) clarified that no data breach occurred in their banking system. Responding to the recent media statement about failing to safeguard the financial records of its customers, SBI officials declared that there was no incident of customer data loss.
Responding to media queries on recent reports of data leakage involving the bank, SBI chairman Rajnish Kumar said, “Customer data security is the top most priority for us. None of our customers lost data, there was a gap in the process that caused the error, but no incident of customer data loss was reported. Also, no customer-identifiable information, username or passwords of any account holder, was kept on the system.”
“We are reviewing the entire systems. We have been examining the issue in totality to ensure complete safety and security of data and storage.” Kumar added.
The declaration comes after TechCrunch reported that an unprotected SBI’s server allowed potential attackers to view the data of millions of SBI account holders. It’s believed that the back-end text message system of SBI’s mobile banking services exposed the sensitive information, including customers’ phone numbers, partial account numbers, balance details, recent transactions, and other sensitive information. It’s unclear that how long the insecure database, that store data from SBI’s Quick, YONO app, and other cell-based banking services, exposed the customers’ data online, the publisher stated.
In order to advance the preparedness of Indian banks against cyber-attacks, the RBI is working on enhancing cybersecurity mechanisms. The central bank announced an enhanced security mechanism as part of its agenda for the fiscal year 2018-19 to provide high-level protection against cybersecurity threats.
The RBI’s report said the new agenda includes taking effective steps to initiate the process of developing a cybersecurity culture, endeavor to make cybersecurity a responsibility, and ensure confidentiality, integrity, and availability of information system and resources. According to the report, the new private sector and foreign banks accounted for 36 percent each of all cyber frauds reported in debit, credit, and ATM cards.