Vulnerability in PNB server as reported by CyberX9 – PNB denies breach of systems and pilferage of personal data of account holders
In its report dated November 21, 2021, the cybersecurity firm CyberX9 had stated that its research team discovered a very critical security issue in Punjab National Bank (PNB) on 17th November 2021, which was leading to access to highest level privileges of administrator in an internal server of PNB hence exposing a massive number of PNB’s systems nationwide wide open to the whole internet for cyber attacks for the last ~7 months
According to the CyberX9 there is high possibility that malicious attackers might’ve already exploited this vulnerability in PNB to infiltrate into their systems to steal funds or personal and financial data of over 180 million (all) of it’s customers. PNB needs a thorough security audit of all of it’s systems since they could’ve been covertly infiltrated into already and just patching this vulnerability now after ~7 months simply won’t help secure the bank and customers fund and data again. We don’t know if there are malicious attackers still in their systems. Until such audit has been done PNB can’t be considered secure.
The PNB is response to the media report published in newspapers reporting data exposure of account holders of PNB had clarified as under:
(i) We have thoroughly checked our ICT systems those on Internet facing and operating in the background at PNB. There has been no breach of systems and pilferage of any personal data of any of our customers and account holders of PNB.
(ii) It is an established fact that hackers regularly attempt to penetrate every and all Internet facing systems anywhere in the world. PNB has implemented stringent security controls in all our ICT systems. The reported attempt of perpetrator was monitored and checked. All our critical ICT systems dealing with banking transactions are kept in secure zone, called DM zone with multiple layers of protection.
(iii) Bank has deployed data leak prevention solutions which prevent any unauthorized data to be sent through emails. The said zone does not permit unauthorised access to any one including internal staff. The ICT systems are monitored round the clock by competent staff at security operation centre. The data at rest and transit are encrypted using proprietary algorithms.
(iv) The bank is certified with International ISO 27001 best information security practices which are validated minimum every year and as and when significant upgradation to the ICT systems is undertaken. These standards and best practices are also adopted in India.
PNB has assured all customers that the bank, will strive hard to keep your personal data highly confidential meeting to best possible standards. It has been stated that the PNB will always be at the forefront to implement best available resources to implement the best security controls to secure the Information of our all customers.
Date of digital signature and issuance determines the date of a notice u/s148 of the Income Tax Act - ITAT…
DGFT authorises IACCIA to issue Certificate of Origin (Non- Preferential) w.e.f. 9th January 2026 In exercise of powers conferred under…
Net profit rate may not per se experience variation commensurate to the increase of turnover. In a recent judgment, Allahabad…
Mushroom growing apparatus cannot be classified as ‘agricultural machinery’ under Customs Tariff Heading 8436. In a recent judgment, Hon'ble Supreme…
Statutory presumption attached to issuance of a cheque, being one made in discharge of a legally enforceable debt or liability,…
Merely because the authority conducting auction expects higher bid than the highest bidder is no reason to discard the highest…