Researchers have found that ICICI Bank has leaked millions of records with sensitive data, including financial information and personal documents of the bank’s clients.
During the recent investigation, it’s been discovered that the bank leaked sensitive data due to the misconfiguration of their publicly accessible cloud storage containing over 3.6 million files belonging to ICICI Bank.
Bank account information, bank statements, credit card numbers, full names, dates of birth, home addresses, phone numbers, emails, personal identification cards, and resumes of workers and applicants were among the information that was exposed.
The bucket also had documents that contained the passports, IDs, PANs of clients. Additionally released were bank statements and fully completed KYC forms. The leak affected the staff as well, as CVs of current employees and job candidates were observed in the storage.
Cybernews reached out to both the bank and Indian Computer Emergency Response Team (CERT-IN) and the issue was fixed. Access to the Digital Ocean bucket belonging to ICICI Bank was fully restricted on March 30.
The impact of the discovered ICICI leak is estimated to be severe, as the volume of personal data leakage is significant. Leaked information could be used by threat actors to build a successful phishing attack that allows them to access bank accounts, make transfers, and commit credit card fraud.
However, ICICI Bank has denied these reports and said that they were baseless and aimed at damaging the bank’s reputation. The bank has accused Cybernews of publishing a story with malicious intent to mislead customers and dent the bank’s image