Advertisement

Home / Business / PNB server vulnerability exposed personal data of 180m customers

PNB server vulnerability exposed personal data of 180m customers

Cyber security firm CyberX9 has claimed that the vulnerability provided access to the entire digital banking system of the bank with administrative control
Representational image.
Representational image.
Shutterstock

PTI   |   New Delhi   |   Published 22.11.21, 01:55 AM

A vulnerability in the server of Punjab National Bank allegedly exposed the personal and financial information of its about 180 million customers for about seven months, according to cyber security firm CyberX9. 

CyberX9 has claimed that the vulnerability provided access to the entire digital banking system of PNB with administrative control. Meanwhile, the bank has confirmed the glitch but denied any exposure of critical data .

Advertisement

PNB said “customer data, applications are not affected due to this” and “server has been shut down as a precautionary measure”.

“PNB kept severely compromising the security of funds, personal and financial information of over 180 million (all) its customers for about the last seven months. PNB only woke up and fixed the vulnerability when CyberX9 discovered the vulnerability and notified PNB through CERT-In and NCIIPC,” CyberX9 founder and MD Himanshu Pathak said.

He said the CyberX9 research team discovered a very critical security issue in

PNB which was leading to admin access to internal servers so exposing a massive number of banks’ systems nationwide open for cyber-attacks for the last about seven months.   

The vulnerability was found in an exchange server  interconnected with other exchanges and shares all access, including  email IDs. When contacted, PNB said the server had no sensitive or critical data.            

“The server wherein the vulnerability was reported, was being used as one of the multiple Exchange Hybrid servers used to route emails from on-prim to Office 365 Cloud. There is no sensitive/critical data in this server,” PNB said. 

The bank denied CyberX9’s claim on the impact of the vulnerability on customers’ data.



Advertisement
Advertisement
Advertisement
 
 
 
Copyright © 2020 The Telegraph. All rights reserved.