Punjab National Bank (PNB)'s Sensitive Information of 10,000 Credit and Debit Card Data Breached
The leaked information includes Names, Personal Identification Numbers (PIN), Expiry Dates and card verification values online.
Credit and debit cards details are selling on Darkweb websites. Darkweb is illegally selling underground services such as Hacking or other leaked information.
Firstly CloudSek team identified a listing that claimed to have multiple cards that belonged to PNB that were put up for sale on a DarkWeb site. "We immediately tried reaching out to PNB using the cybercrime contact emails that were listed on their website. But that email bounced. said Rahul Sasi, CTO of Cloudsek.
On 21st, Feb, 8:10 PM company was able to get in touch with PNB officials via a third party source. The PNB officials were quick to respond as they got a call back the same day at 10.00 PM from PNB security officials. We provided them a detailed report about the leaked data.
On 22nd, Feb, 1:10 AM we provided them a more detailed report. And the officials ensured swift action."
“We believe, on preliminary analysis, that the data has been available for at least three months. While this is yet to be firmly established, we are carrying out our forensic investigation,” said a government official familiar with the case. Virwani was asked by Asia Times to comment on the breach, but has not yet responded. A message received from him states that he was not authorized to respond to the media and the queries have been forwarded to the Corporate Communications department. The story will be updated as and when a response is received.
“Usually these sites on the deep/dark web build up reputations on the authenticity of the data they sell illegally. This particular site has a very good reputation. They offer a sample size to buyers to establish their credentials before the sale is made. In this case they were offering to sell the data at US$4.90 per card,” he reported
PNB is already suffering from the latest fraud case worth 11,400 Crore in Indian Rupees. The firms were unable to pay to Bank after their bank accounts were frozen by the ED and the CBI in connection with the alleged Rs 11,400-crore scam.
In India, there are still some Banks and ATM's running on Windows XP, however support for Windows XP ended on 8 April 2014. Microsoft will no longer provide security updates or technical support for the Windows XP operating system. It is very important that customers and partners migrate to a modern operating system such as latest Microsoft Operating System Windows 10.