State Bank of India, also known as SBI, is India’s largest bank in terms of customers. SBI has branches all over India including rural and urban areas. It is also one of the first banks to be established in India. Also, there are places in India where the only bank available is SBI. SBI is also one of the Fortune 500 companies and is ranked very highly. But we have seen time and again that data breaches have become frequent with SBI. In the latest data breach, SBI leaked account information of their customers.
As far as the leak is concerned, the information was available through one of SBI’s servers. State Bank of India forgot to password-protect one of their servers, reportedly. This server stored information regarding a service called SBI Quick from the past two months. Now, SBI Quick is a service which gives account information to a user by simple SMS. If you want to request this information, you just need to send a message or call on SBI Quick’s number with a keyword.
This server being unprotected gave anyone access to every user’s information who knew how to access a server. This information includes balance information, last 4 transactions, credit or debit information as well as cheque clearing information. This is potentially harmful information because you can even block someone’s ATM card with this information. Moreover, this server also stored account number of a user. But only the last 3 digits were visible as the other digits were masked.
But you can easily find out any account’s information from the last 3 digits. Apart from that, this information can be used to short-list customers based on their income. For instance, this list can be used to identify account holders having a higher or lower account balance. Also, you can get the account holder’s mobile number which can be used for fraud.