Data leaks are becoming one of the biggest threats to the digital world. Just recently, India’s largest bank, State Bank of India (SBI), found itself in the middle of a ‘data leak’ controversy.
According to a report in TechCrunch, the bank exposed financial information of its customers through an unprotected server. The exposed data contained partial account numbers, balances, transaction details and much more. The bank has now managed to secure the server but there is still no clarity on whether the server data was mined by an external source.
A server at SBI’s Mumbai-based data center that wasn’t password protected led to the leak. The server hosted customer information for SBI Quick, a service that enables customers to get updates about recent transactions, credit information, etc. Poor configuration and a lack of server management were responsible for the data being out in the open.
Since the server held SBI Quick data, it exposed the messages sent to customers, which contained information such as bank balances, mobile numbers, recent transactions, and partial account numbers. It isn’t very difficult to use the information from this unprotected server to commit fraud.
Well, it may not be all that bad, because the server did not give out information like the username and password of the account holder, and hence account holders may not be at direct risk. But the mobile numbers and balance information can tell a lot about an account holder’s potential, and account holders could be tricked into leaking more information, which criminals can use against them to take away all the money from the account.
Since the contact details are out in the open, the first thing one can do is to not share any personal or account details with anyone, over the phone or otherwise. Try changing the password frequently and avoid using public Wi-Fi to access your bank details, as this could give a hacker an opportunity to introduce malware into your device.
The SBI episode brings to light the fact that banks must invest in more robust technologies and have stronger policies and awareness programs. They must also use the white-hat hacker approach to take care of any leaks by conducting mock hacking drills. Banks must also regularly update their password management systems.