HDFC Bank, one of the biggest private sector banks in India, on Tuesday denied the claims of an alleged data breach that may have exposed the personal information of almost 6 lakh customers, which was put up on sale on the Dark Web.
"There is no data leak at HDFC Bank and our systems have not been breached or accessed in any unauthorised manner, the official handle of HDFC Bank Cares on Tuesday posted on Twitter, denying the breach.
HDFC Bank customers' samples were posted on a hacker forum and 'the posted information appears to be genuine', as per Privacy Affairs website.
"We remain confident of our systems. However we treat the matter of our customers data security with utmost seriousness and we continue to," the bank further said.
A user leaked 7.5GB of HDFC Bank data for download on a well-known underground hacker forum, the media has reported. Furthermore, the alleged data of HDFC Bank customers is available to download for free and no payment is required to download the information, which may contain sensitive information such as full names, physical addresses, email addresses and sensitive financial data.
According to a report by news agency IANS, "The criminals explained that the hack was allegedly obtained just recently, in early March 2023, and contains data from May 2022 to March 2023.
Several Twitter users on March 6 posted about facing outages, failed transfers and even scam messages on the official HDFC Bank mobile app. There has been a surge in spam bank text messages in the recent past.
It should be noted that State Bank of India (SBI), ICICI Bank, and HDFC Bank continue to remain in the Reserve Bank of India (RBI) lists of Domestic Systemically Important Banks (D-SIBs). Domestic Systemically Important Banks (D-SIBs) in simplers terms are those banks whose failure can impact the whole of the financial system and create instability. That is why banking regulators like the RBI put them on a list of lenders that are too big to fail.