A vulnerability was found in Punjab National Bank’s (PNB) internal server, that allegedly could let hackers get access to the highest level of admin privilege, exposing personal and financial data of over 180 million bank customers, according to cybersecurity firm CyberX9.

Himanshu Pathak, Managing Director, CyberX9, told BusinessLine it also leaves access to confidential internal e-mails and logins of all strata of employees across branches and systems, including the CMD, exposed.

He added that though his firm discovered the vulnerability on November 17, the data had been left exposed for nearly seven months.

Bank denies exposure

PNB, however, denied any exposure to important data. The bank told PTI that it had tracked the vulnerability and no sensitive data was compromised. It also denied any customer’s data getting exposed.

“The server, wherein the vulnerability was reported, was being used as one of the multiple Exchange Hybrid servers used to route emails from On-prim to Office 365 Cloud. There is no sensitive/critical data in this server,” PNB said.

According to CyberX9, a malicious attacker could easily control and access financial transactions, data on various loans and deals, and accounts of all the customers.

“The vulnerability was found in an exchange server, to which all other systems and networks are attached. Through this, the hacker can get access to master admin login. Initially PNB denied the glitch. On November 19, we had filed a complaint with CERT-In and NCIIPC, post that they said that they have closed down the server,” Pathak said.

Meanwhile, CyberX9 in its blog post asked for a thorough security audit of the bank’s systems.

Related Topics
comment COMMENT NOW