One of the biggest banks in the private sector in India is ICICI Bank. It has purportedly disputed knowledge about a data breach wherein the private data of its 35 lakh users may have been exposed. According to the audit, ICICI’s poor management allowed consumers’ financial and personal data to be stored “in the cloud and accessible to anyone.”
The Finding
The said URLs are not owned or controlled by the Bank. Therefore, it cannot be said that there was a configuration error on the Bank’s end, as stated in the article.
The four papers that could be discovered in the URLs appeared to be personal uploads for storage. They never jeopardize account security.
We took action to remove the URLs because the documents contained the Bank’s name.
As stated in the post, there is no proof that the 3.6 million files containing consumer data are available.
ICICI Bank Rejects Data Breach Reports
The allegations of a data leak have been rejected by ICICI Bank. The bank has emphasized again how strong and safe its data security systems are. Customers have been reassured that the bank takes the security of their personal information very seriously and should not be alarmed about claims of data breaches.
Additionally, ICICI has emphasized that it strictly complies with data protection and privacy regulations and employs all practical safeguards to secure the personal data of its clients. Any organization distributing untrue information about data breaches will be subject to legal action by the bank. This is an effort to harm its standing.
Rahul Neel Mani, vice president of community engagement & editorial at ISMG, released information about ICICI Bank’s 4-point denial of CyberNews’ findings on LinkedIn. The said URLs are not owned or controlled by the Bank. Therefore, the possibility of a configuration error on the part of the Bank, as suggested in the article, is unfounded.
The four papers that could be discovered in the URLs appeared to be personal uploads for storage. They never jeopardize account security. We took action to remove the URLs because the documents contained the Bank’s name.
As stated in the post, there is no proof that the 3.6 million files containing consumer data are available.
In June 2022, the Indian government red-flagged ICICI Bank’s information security:
In a blog post, veteran cyber law expert Vijayashankar Na writes that MeitY issued a notification on June 16, 2022, designating ICICI’s core banking system (CBS), real-time gross settlement system (RTGS), national electronic fund transfer system (NEFT), and structured financial messaging server as protected systems.
Naavi is a non-profit organization dedicated to developing cyber jurisprudence in India.
Vijayashankar described it as a “huge embarrassment” as MeitY’s directive required a CERT-In representative to be a member of the ICICI Bank’s information security governance council to oversee all information security policies and implementations.
There are rumors that HDFC Bank and NPCI received identical directions, but the ICICI Bank gazette notification is the only one that is available.
According to Vijayashankar, the government decided to appoint a cyber security watchdog for ICICI because it believes that the system’s disablement or destruction will have a “debilitating impact on national security, the economy, public health, or safety.”
