Snag exposed PNB data: CyberX9
NEW DELHI: A vulnerability in the server of Punjab National Bank allegedly exposed the personal and financial information of its about 180 million customers for about seven months, according to cyber security firm CyberX9.
CyberX9 has claimed that the vulnerability provided access to the entire digital banking system of PNB with administrative control. Meanwhile, the bank has confirmed about the glitch but denied any exposure of critical data due to the vulnerability.
PNB said “customer data/ applications are not affected due to this” and “server has been shut down as a precautionary measure.” “Punjab National Bank kept severely compromising the security of funds, personal and financial information of over 180 million (all) its customers for about the last 7 months. PNB only woke up and fixed the vulnerability when CyberX9 discovered the vulnerability and notified PNB through CERT-In and NCIIPC,” CyberX9 founder and MD Himanshu Pathak told PTI.
He said CyberX9 research team discovered a very critical security issue in PNB which was leading to admin access to internal servers hence exposing a massive number of banks’ systems nationwide open for cyber-attacks for the last about seven months. Pathak said that vulnerability was found in an exchange server which is interconnected with other exchanges and shares all access.
“The vulnerability which we discovered was leading to the highest level of admin privilege in PNB’s exchange servers. These computers even include those that are being used in their branches and other departments,” Pathak said.