Punjab National Bank suffers from server flaw that exposed customer data

January 7, 2022

A vulnerability in a server of Punjab National Bank (PNB) reportedly exposed the financial and personal data of approximately 180 million clients over a period of seven months. Researchers claimed that the flaw in PNB’s server could provide full access to the bank’s overall digital banking system, which may also give malicious actors administrative control.

Punjab National Bank is a government-owned Indian bank headquartered in New Delhi, India. The bank is under the Indian government’s Ministry of Finance and was founded in May of 1894. It is the second-largest government-owned bank in India, with about 180 million clients, over 13k ATMs, and 12,000+ branches.

 

Punjab National Bank denies the alleged data exposure claimed by the researchers.

 

The flaw found in Punjab National Bank’s internal server allegedly could give malicious threat actors full access with the highest level of administrative privileges. If such access were obtained, it could expose all clients’ financial and personal data. An expert who discovered the flaw said in a statement that it could also expose confidential internal emails and the logins of all employees throughout every branch and system.

The expert added that their firm discovered the vulnerability recently, and that it may have been left unattended for several months before the discovery. However, Punjab National Bank denied that any crucial data was exposed during the previous months. The bank also told the authorities that it had tracked the flaw and that no sensitive data was damaged by possible intruders.

The bank also added that the server where the vulnerability was found was being used as one of numerous Exchange hybrid servers that route email from on-premises to Office 365. Therefore, there is no sensitive data stored on the server with the identified flaw.

According to the researchers, any threat actor who exploited the flaw could effortlessly take over and access the financial transactions, client loan deals, and accounts of all customers. The researchers asked for a complete security audit of the bank’s systems to clarify and address all of the claims raised.
