ICICI Bank Data Leak – Millions of Customers’ Sensitive Data Exposed

Researchers have recently found that the ICICI Bank systems misconfiguration caused data leakage, exposing more than 3.6 million customers’ sensitive data.

ICICI Bank, a multinational Indian bank, operates in 15+ countries worldwide and boasts a market value exceeding $76 billion with 5,000+ branches across India.

The Indian government declared ICICI Bank’s resources as “critical information infrastructure” in 2022, signifying that any harm may have severe implications on national security.

Data Leak

Threat actors target financial services and organizations more frequently than other sectors. And in this case, if they managed to gain complete access to the leaked data, it could damage both the bank and its customers.

ICICI Bank’s sensitive data and its clients’ information were exposed when the Cybernews research team found a misconfigured and publicly accessible Digital Ocean bucket with over 3.6 million files on February 1.

Here below, we have mentioned the types of data leaked:-

  • Bank account details
  • Credit card numbers
  • Full names
  • Dates of birth
  • Home addresses
  • Phone numbers
  • Emails

In addition to leaking bank statements and filled-in KYC forms, the bucket exposed clients’ passports, IDs, and Indian PANs (taxpayer identification numbers).

In the storage, CVs of current employees of the bank, as well as job applicants, were found. This is another indication that the leak also affected staff at the bank.

The impact of the leak is expected to be severe due to the massive amount of personal data is leaked, which can potentially damage:-

  • Reputation of the bank
  • Expose internal processes of the bank
  • Compromise the safety and security of clients’ sensitive data
  • Compromise the safety and security of employees’ sensitive data

According to the report, Leaked data could enable threat actors to engage in identity theft and fraud, such as creating accounts in individuals’ names without their knowledge using stolen credentials and personal information.

Not only that, even as a result, spear phishing campaigns may target employees, businesses, and individuals whose data has been exposed, putting them at risk.

Also, selling data on the dark web is a potential risk, and ICICI Bank could also become a target of ransomware attacks.

Company’s Response

After identifying the issue, the security researchers immediately contacted the following entities in an attempt to report this loophole:-

  • ICICI Bank
  • Indian Computer Emergency Response Team (CERT-IN)

As soon as they reported the issue to ICICI Bank, they acted immediately, and on March 30, they restricted all public access to their Digital Ocean bucket.

When security experts at Cybernews tried to get an official comment from the communication team of the ICICI Bank, they received the following reply via email from the bank:-

“Thanks for your email. With regards to it, we do not know which incident you are referring to.”

Later when they tried to establish their communication with the bank’s Corporate Communications Team, they rejected the email sent by a Cybernews journalist.

Recommendations

Here below, we have mentioned all the recommendations that the security analysts provide:-

  • It is recommended that cloud storage buckets be secured as much as possible to prevent such data leaks.
  • ICICI Bank must notify its customers of the data leak so they can minimize the risk and further damage that may occur.
  • Bank should directly guide all its users to report any suspicious activity immediately to ICICI Bank to identify and avoid fraudulent emails, websites, and calls.
  • Passwords must be changed, and vital login details should be created for those affected.
  • Make sure to enable 2-Factor authentication.

Follow us on LinkedIn & Twitter for Daily Cyber Security News Updates.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Lotus Blossom Hacker Group Uses Dropbox, Twitter, and Zimbra for C2 Communications

The Lotus Blossom hacker group, also known as Spring Dragon, Billbug, or Thrip, has been…

5 hours ago

Squidoor: Multi-Vector Malware Exploiting Outlook API, DNS & ICMP Tunneling for C2

A newly identified malware, dubbed "Squidoor," has emerged as a sophisticated threat targeting government, defense,…

5 hours ago

Unpatched Vulnerabilities Attract Cybercriminals as EDR Visibility Remains Limited

Cyber adversaries have evolved into highly organized and professional entities, mirroring the operational efficiency of…

6 hours ago

Threat Actors Attack Job Seekers of Fortune 500 Companies to Steal Personal Details

In Q3 2024, Cofense Intelligence uncovered a targeted spear-phishing campaign aimed at employees working in…

6 hours ago

DragonForce Attacks Critical Infrastructure to Exfiltrate Data and Halt Operations

The DragonForce ransomware group has launched a significant cyberattack on critical infrastructure in Saudi Arabia,…

6 hours ago

New Malware Uses Legitimate Antivirus Driver to Bypass All System Protections

In a concerning development, cybersecurity researchers at Trellix have uncovered a sophisticated malware campaign that…

6 hours ago