Vulnerability in PNB server as reported by CyberX9 – PNB denies breach of systems and pilferage of personal data of account holders
In its report dated November 21, 2021, the cybersecurity firm CyberX9 had stated that its research team discovered a very critical security issue in Punjab National Bank (PNB) on 17th November 2021, which was leading to access to highest level privileges of administrator in an internal server of PNB hence exposing a massive number of PNB’s systems nationwide wide open to the whole internet for cyber attacks for the last ~7 months
According to the CyberX9 there is high possibility that malicious attackers might’ve already exploited this vulnerability in PNB to infiltrate into their systems to steal funds or personal and financial data of over 180 million (all) of it’s customers. PNB needs a thorough security audit of all of it’s systems since they could’ve been covertly infiltrated into already and just patching this vulnerability now after ~7 months simply won’t help secure the bank and customers fund and data again. We don’t know if there are malicious attackers still in their systems. Until such audit has been done PNB can’t be considered secure.
The PNB is response to the media report published in newspapers reporting data exposure of account holders of PNB had clarified as under:
(i) We have thoroughly checked our ICT systems those on Internet facing and operating in the background at PNB. There has been no breach of systems and pilferage of any personal data of any of our customers and account holders of PNB.
(ii) It is an established fact that hackers regularly attempt to penetrate every and all Internet facing systems anywhere in the world. PNB has implemented stringent security controls in all our ICT systems. The reported attempt of perpetrator was monitored and checked. All our critical ICT systems dealing with banking transactions are kept in secure zone, called DM zone with multiple layers of protection.
(iii) Bank has deployed data leak prevention solutions which prevent any unauthorized data to be sent through emails. The said zone does not permit unauthorised access to any one including internal staff. The ICT systems are monitored round the clock by competent staff at security operation centre. The data at rest and transit are encrypted using proprietary algorithms.
(iv) The bank is certified with International ISO 27001 best information security practices which are validated minimum every year and as and when significant upgradation to the ICT systems is undertaken. These standards and best practices are also adopted in India.
PNB has assured all customers that the bank, will strive hard to keep your personal data highly confidential meeting to best possible standards. It has been stated that the PNB will always be at the forefront to implement best available resources to implement the best security controls to secure the Information of our all customers.
- TDS deductors given relief for non deduction of TDS at higher rate for inoperative PANs
- Reassessment order quashed due to error in personal hearing video conferencing link
- Assessee may show that it was over assessed under erroneous impression of law
- Education Cess cannot be allowed as an expenditure in view of later amendment – SC
- Cash deposit cannot be shifted from live person to a deceased just because he was joint holder
