The Punjab National Bank has detected a data breach that has exposed sensitive information related to as many as 10,000 debit and credit card accounts, the Asia Times reported on Thursday. Officials suspect that the information has been available for purchase through a website for at least three months.
A data-monitoring company registered in Singapore, CloudSek Information Security, had detected the breach on February 20. In a statement, the firm said it had relayed the information to the bank through a government agency on February 21. The bank was not aware of the breach until the firm tipped it off, according to the news report.
The leaked information includes names, account expiry dates, Personal Identification Numbers and Card Verification Values. The company said it could not confirm whether the leaked data was authentic.
The Asia Times report quoted an official as saying that the government was carrying out a forensic investigation into the alleged data breach. Punjab National Bank’s Chief Information Security Officer TD Virwani refused to comment on the matter.
The Punjab National Bank has been in the news over reports that businessman Nirav Modi, his associated companies and his uncle cheated it of Rs 11,380 crore.
The data monitoring firm said it had detected the breach on the dark web. “We have a crawler that is deployed in the dark/deep web,” the firm’s Chief Technical Officer Rahul Sasi told Asia Times. “These are sites on the internet which are not indexed by Google or other major search engines. They are used to buy and sell sensitive data illegally. Our crawler detects any such data and sends it to a Machine Learning software that we have created.”
The firm had to contact the bank via the government agency as Punjab National Bank is not on its client list, Sasi said. In the statement, CloudSek Information Security said its investigation showed that no other banks were affected by the breach.