- Advertisement -
HomeUncategorizedPNB sees data breach: 10,000 credit, debit card details put on sale...

PNB sees data breach: 10,000 credit, debit card details put on sale online for as little as Rs 300

- Advertisement -
- Advertisement -

A Cyber Security firm says that it found details of over 10,000 credit and debit cards of customers of the embattled Punjab National Bank (PNB) up for sale for $ 4-5 per card on the internet for the last three months.

The country’s second largest public sector bank blocked the cards soon after the breach was reported by Cloudsek on Wednesday afternoon, the company said.



“Close to 10,000 client details are for sale on the dark web which included names, emails, passwords, credit and debit card number, expiry dates, year, cvv number and the like. The user information of each card costs about $4 – $5,” said Rahul Sasi, cofounder of CloudSek, a Bangalore-Singapore based cyber security company.

For the uninitiated, dark/deep web is a part of the internet that cannot be accessed using traditional web search engines such as Google, and Bing. It is notoriously known for illicit trade activities like access to guns, drugs, counterfeit money, stolen personal data and the like.



“We have a system that crawls the Web/Dark Web/UG Discussion forums for websites that have put up user data for sale. Once our crawler stumbles upon suspicious data like that, our machine learning software analyses it and if there is a threat we alert our clients about customer data being disclosed” Sasi, said. ClouSEK’s clientele includes Gojek, Grab Taxi, and BankBazaar.

In simple terms, web crawlers are internet bots which browses the internet. The script written by CloudSek was customised to browse through the dark web which found the breached PNB user data.

“Our web crawler stumbled upon advertisements on a website which claimed to sell financial information, which we later found belonged to PNB bank. It was difficult to report it to them immediately but we reached out to them (on Wednesday night) and the bank has now blocked all the cards,” Sasi added.



The cyber security firm said that the compromised user information was available on the dark web for close to three months now. “As of now it is difficult to ascertain the way they got hacked. It might have been through credit card details stored on the website, phishing emails, computers being hacked and the like,” Sasi added.

As per CloudSek’s report, the details of card holders primarily belonged to PNB bank clients. “Card information about users in other banks were also available, but most of it was historical data,” Sasi said. Historical data in this context refers to credit and debit card information which are available on the dark web but have already been blocked by the account holder/bank.

“It is not all that uncommon to find user data on the dark web. There are financial data of corporate houses available which do not get reported or go under the radar,” said a cyber security consultant with a top consulting firm.

RELATED ARTICLES

Most Popular

Recent Comments