A cyber-attack in HDFC Bank resulted in the data breach of almost 30 GB of customer data allegedly belonging to HDB Financial Services was leaked online on a hacker forum.
HDB Financial Services is the non-banking lending arm of private sector lender HDFC Bank. The data is estimated to contain around 73 million entries and is from the period between May 2022 and February 2023, said two people who have seen the data dump.
The sample of the data contains consumer information pertaining to two categories of loans—consumer durable loans and two-wheeler loans. The mobile number and the name of the customer are also available. There is also data on a consumer looking to purchase a Vivo V5 smartphone with the name of the customer, his location, the dealer’s name, and the purchase date all available in the data dump.
The exact number of customers whose data has been leaked cannot be determined, given that there could be multiple entries on the same person.
As per the statement of the HDFC bank, There is no data leak at HDFC Bank and our systems have not been breached or accessed in any unauthorised manner. We remain confident of our systems. However we treat the matter of our customers data security with utmost seriousness and we continue to,
Preliminary estimates suggest that the loan origination system of the NBFC (non-banking finance company) arm of the banking group has been impacted by the attack
The data that has been released mainly pertains to customers applying for credit, their credit scores being checked, and the status of their loans (whether it has been approved or not).