Comments
Following several reports of vulnerability found in Punjab National Bank’s internal server, exposing personal and financial information of customers, the bank on Monday denied any breach of system and possibility of data exposure. The bank has deployed data leak prevention solutions that stops any unauthorized data to be sent through emails, it said.
“We have thoroughly checked our ICT systems those on Internet facing and operating in the background at PNB. There has been no breach of systems and pilferage of any personal data of any of our customers and account holders of PNB,” the bank said in a statement.
Read also - PNB server vulnerability may have exposed data of over 180 m customers: CyberX9
It added, “It is an established fact that hackers regularly attempt to penetrate every and all Internet facing systems anywhere in the world. PNB has implemented stringent security controls in all our ICT systems. The reported attempt of perpetrator was monitored and checked. All our critical ICT systems dealing with banking transactions are kept in secure zone, called DM zone with multiple layers of protection.”
CyberX9 report
The alleged vulnerability came into light, when cyber security firm CyberX9 published a blog post saying that apart from its 180 million customers, the glitch leaves access to confidential internal emails and logins of all strata of employees across branches and systems, including the CMD exposed by letting the hackers get the highest level of admin privilege in the affected server. It claimed that the vulnerability existed for at least seven months.
To this, PNB said that it had deployed a leak prevention solution controlling unauthorised data being sent over emails. Earlier, in a statement to PTI, the bank had said that the glitch was found and fixed; and no data was compromised.
“The said zone does not permit unauthorised access to any one, including internal staff. The ICT systems are monitored round the clock by competent staff at security operation centre. The data at rest and transit are encrypted using proprietary algorithms,” it said in its latest statement.
The bank is certified with International ISO 27001 best information security practices, validated minimum every year and as and when significant upgradation to the ICT systems is undertaken. These standards and best practices are also adopted in India.
“Our customers are very valuable to us. We assure our all customers that PNB, your bank, will strive hard to keep your personal data highly confidential meeting to best possible standards. Towards this, PNB will always be at the forefront to implement best available resources to implement the best security controls to secure the Information of our all customers,” PNB said.
Comments
COMMENT NOW
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.