Vulnerability in PNB server as reported by CyberX9 – PNB denies breach of systems and pilferage of personal data of account holders
In its report dated November 21, 2021, the cybersecurity firm CyberX9 had stated that its research team discovered a very critical security issue in Punjab National Bank (PNB) on 17th November 2021, which was leading to access to highest level privileges of administrator in an internal server of PNB hence exposing a massive number of PNB’s systems nationwide wide open to the whole internet for cyber attacks for the last ~7 months
According to the CyberX9 there is high possibility that malicious attackers might’ve already exploited this vulnerability in PNB to infiltrate into their systems to steal funds or personal and financial data of over 180 million (all) of it’s customers. PNB needs a thorough security audit of all of it’s systems since they could’ve been covertly infiltrated into already and just patching this vulnerability now after ~7 months simply won’t help secure the bank and customers fund and data again. We don’t know if there are malicious attackers still in their systems. Until such audit has been done PNB can’t be considered secure.
The PNB is response to the media report published in newspapers reporting data exposure of account holders of PNB had clarified as under:
(i) We have thoroughly checked our ICT systems those on Internet facing and operating in the background at PNB. There has been no breach of systems and pilferage of any personal data of any of our customers and account holders of PNB.
(ii) It is an established fact that hackers regularly attempt to penetrate every and all Internet facing systems anywhere in the world. PNB has implemented stringent security controls in all our ICT systems. The reported attempt of perpetrator was monitored and checked. All our critical ICT systems dealing with banking transactions are kept in secure zone, called DM zone with multiple layers of protection.
(iii) Bank has deployed data leak prevention solutions which prevent any unauthorized data to be sent through emails. The said zone does not permit unauthorised access to any one including internal staff. The ICT systems are monitored round the clock by competent staff at security operation centre. The data at rest and transit are encrypted using proprietary algorithms.
(iv) The bank is certified with International ISO 27001 best information security practices which are validated minimum every year and as and when significant upgradation to the ICT systems is undertaken. These standards and best practices are also adopted in India.
PNB has assured all customers that the bank, will strive hard to keep your personal data highly confidential meeting to best possible standards. It has been stated that the PNB will always be at the forefront to implement best available resources to implement the best security controls to secure the Information of our all customers.
No addition can be made on the basis of the statement recorded during survey u/s 133A from the husband who…
Satisfaction note u/s 153C should be prepared for each Assessment Year mentioning the documents seized in respect of each AY.…
A Writ Petition should be filed within a reasonable period, High Court dismissed Petition challenging order passed u/s 119(2)(b) In…
Excel Form 10E-Salary Arrears Relief calculator AY 2026-27 (FY 2025-26) for claiming rebate under section 89(1) of Income Tax Act…
CBIC prescribes procedure for handling of returning export cargo from international waters due to closure of the Strait of Hormuz…
Addition u/s 68 of the Income Tax Act towards entries of cash deposit in bank statement upheld even though assessee…