You are here: Home » News-IANS » Business-Economy
Business Standard

It is PNB's responsibility to validate, fix data breach: CloudSek

IANS  |  New Delhi 

A day after reports surfaced that nearly 10,000 credit or holders of (PNB) were affected by a data breach, the cyber firm that detected the breach on Friday said it is now the responsibility of the to validate and take necessary actions.

CloudSek Information Security, a company registered in that also has its office in Bengaluru, gave a detailed account of how they spotted the and its communication with PNB.

"On 20th Feb, we identified a listing that claimed to have multiple cards that belonged to PNB that were put up for sale on a DarkWeb site. We immediately tried reaching out to PNB using the cybercrime contact emails that were listed on their website. But that email bounced," CloudSek said in a statement.

"On 21st, Feb, 8.10 PM we were able to reach to PNB officials via a third party source. The PNB officials were quick to respond as we got a call back the same day 10.00 PM from PNB officials. We provided them a detailed report about the leaked data," he added.

"On 22nd, Feb, 1.10 we provided them with a more detailed report. And the officials ensured swift action," Sasi further said.

The data available for sale includes names, expiry dates, Personal Identification Numbers and Card Verification Values.

A report in Hong Kong-based English language news website Asia Times, however, claimed on Thursday that PNB's Chief Information Officer has confirmed that the was working with the government to contain the fallout from the

According to Sasi, at this stage, CloudSEK has no method to ensure if a listed data is authentic or not.

"Nor we do not put any effort to validate that data. It is the responsibility of the bank to validate and take necessary actions," he noted.

Dark Web is an unexplored portion of the Internet which is not generally found on searches.

The Dark Web hosts many such as Hacking as a Service, insider information for sale, sensitive account information like Bank credentials and much more.

"Many a time, credit card sellers try to dupe their customers by sandwiching a few valid credit card data between hundreds of fake data," Sasi said.

CloudSEK said no other bank has been affected in this

"We at CloudSEK maintain a unique hash related to the different data leaks for the past 2 years, and this hash helps us identify old/invalid leaks. This is how we have come to the conclusion that only one bank had unresolved leaks that are yet to be fixed," Sasi stressed.

PNB is already reeling under a multi-crore-rupee financial fraud by two fugitive luxury jewellers.



(This story has not been edited by Business Standard staff and is auto-generated from a syndicated feed.)

First Published: Fri, February 23 2018. 14:30 IST