Vulnerability in PNB server as reported by CyberX9 – PNB denies breach of systems and pilferage of personal data of account holders
In its report dated November 21, 2021, the cybersecurity firm CyberX9 had stated that its research team discovered a very critical security issue in Punjab National Bank (PNB) on 17th November 2021, which was leading to access to highest level privileges of administrator in an internal server of PNB hence exposing a massive number of PNB’s systems nationwide wide open to the whole internet for cyber attacks for the last ~7 months
According to the CyberX9 there is high possibility that malicious attackers might’ve already exploited this vulnerability in PNB to infiltrate into their systems to steal funds or personal and financial data of over 180 million (all) of it’s customers. PNB needs a thorough security audit of all of it’s systems since they could’ve been covertly infiltrated into already and just patching this vulnerability now after ~7 months simply won’t help secure the bank and customers fund and data again. We don’t know if there are malicious attackers still in their systems. Until such audit has been done PNB can’t be considered secure.
The PNB is response to the media report published in newspapers reporting data exposure of account holders of PNB had clarified as under:
(i) We have thoroughly checked our ICT systems those on Internet facing and operating in the background at PNB. There has been no breach of systems and pilferage of any personal data of any of our customers and account holders of PNB.
(ii) It is an established fact that hackers regularly attempt to penetrate every and all Internet facing systems anywhere in the world. PNB has implemented stringent security controls in all our ICT systems. The reported attempt of perpetrator was monitored and checked. All our critical ICT systems dealing with banking transactions are kept in secure zone, called DM zone with multiple layers of protection.
(iii) Bank has deployed data leak prevention solutions which prevent any unauthorized data to be sent through emails. The said zone does not permit unauthorised access to any one including internal staff. The ICT systems are monitored round the clock by competent staff at security operation centre. The data at rest and transit are encrypted using proprietary algorithms.
(iv) The bank is certified with International ISO 27001 best information security practices which are validated minimum every year and as and when significant upgradation to the ICT systems is undertaken. These standards and best practices are also adopted in India.
PNB has assured all customers that the bank, will strive hard to keep your personal data highly confidential meeting to best possible standards. It has been stated that the PNB will always be at the forefront to implement best available resources to implement the best security controls to secure the Information of our all customers.
Engagement of 'Young Professional' in the office of the PCCT Bihar & Jharkhand Engagement of 'Young Professional' in the office…
CGPDTM invites applications for hiring contractual manpower and Young Professionals The Controller General Patents, Designs & Trade Marks has invited…
Sundry creditors outstanding in books can’t be treated income u/s 41(1) merely because recovery was barred by limitation - ITAT…
For claiming exemption u/s 11, assessee is required to furnish return of income within time allowed u/s 139 and not…
FAQs on amendment proposed to rates of Tax Collection at Source u/s 394(1) of the Income-tax Act, 2025 Income Tax…
FAQs on amendment proposed in Updated return provisions under section 263(6) of Income Tax Act 2025 by Budget 2026-27 Income…