Cybercriminals on a popular hacker forum claimed in a viral claim of data theft of HDFC bank users that they had obtained the personal information of approximately 6,00,000 customers purportedly belonging to the India-based bank. HDFC has now flatly denied any data leak or breach of their systems.
We want to be clear that neither HDFC Bank nor any of its systems have been compromised by unauthorised access. In response to Twitter claims of data leaks, HDFC stated, “We remain confident in our systems. The bank went on to say that they take the security of customer data very seriously and that they continue to monitor their ecosystems and banking systems to maintain the highest levels of data security and safety.
According to the data theft claim reported by various media outlets, a hacker using the alias ‘Kernelware’ posted 7.5 GB of extremely sensitive information on client accounts to the hacker forum ‘Breached. vc’.
“Personal information of approximately 600,000 customers of the India-based HDFC Bank was allegedly leaked by hackers on a popular cybercriminal forum,” Privacy Affairs reported, including a screenshot of the alleged hacker forum.
Full names (including middle names), dates of birth, ages, phone numbers, personal emails, permanent emails, work emails, marriage status, gender, residence address lines, permanent address lines, zip codes, city, state, employment information, application information, loan information, transaction methods, processing fees, bank names and branches, credit scores, Experian scores, dealer names, transaction logs, transaction remarks are all included in the leak (cost, model, etc…). LOS IDS (the bank’s transaction software), loyalty card numbers, employee codes, and other miscellaneous items, according to the post, with the oldest logs dating back to May 2022 and the most recent ones added as recently as February 2023.
Though HDFC Bank claims there has been no unauthorised access to their systems, its NBFC arm, HDB Financial Services, has confirmed an incident at “one of our service providers who process some of our customer information.”
In order to stop any further unauthorized access, we have taken immediate action to secure the service provider’s system, according to HDB Financial. In order to stop similar incidents from happening again, we are also thoroughly reviewing the service provider’s security measures.
