Some 10,000 credit or debit card holders have been affected by a data breach reported by Punjab National Bank (PNB), which is already reeling under a multi-crore rupee financial fraud by two fugitive luxury jewellers.
According to an Asia Times report, security experts believe that the sensitive details of customers of the state-run bank were offered for sale through a website for at least three months.
The Hong Kong-based English language news reported that the bank was tipped off on Wednesday night about the data breach by CloudSek Information Security, a company registered in Singapore that also has its office in Bengaluru. The firm monitors data transactions.
“We have a crawler that is deployed in the dark/deep web. These are sites on the Internet which are not indexed by Google or other major search engines. They are used to buy and sell sensitive data illegally,” chief technical officer Rahul Sasi was quoted as saying by the news site.
“Our crawler detects any such data and sends it to a Machine Learning software that we have created.
If this detects anything that is suspicious, and of interest to our clients, we immediately take action.”
PNB’s Chief Information Security Officer T. D. Virwani has confirmed it was working with the government to contain the fallout from the release of the data.
The data available for sale includes names, expiry dates, Personal Identification Numbers and Card Verification Values.
Sasi said two sets of data were released: some with CVV numbers and some without. The last date stamp on the data is January 29, 2018, indicating that the details are still current for thousands of card customers.