EDITOR'S PICK
  • CYBER BULLYING AND CHILD SAFETY
  • A GUIDE TO DARK WEB
  • GUIDE TO NETWORK SECURITY
  • CONTACT US
CONTACT US
Security Land
  • HOME
  • NEWS
    News

    Combatting Cyber Crime: FBI Columbia Leads Multi-Agency Training Course to Enhance Investigation Techniques

    Security Land Security Land January 26, 2023
    News

    Gen Z’s Lack of Cybersecurity Knowledge Puts Small Businesses at Risk

    Security Land January 25, 2023
    News

    Experts Predict Consequential Year for Cybersecurity in 2023

    Security Land January 19, 2023
  • DATA BREACHES
    Data Breaches

    India’s Education Ministry Data Breach Exposes Millions of Student and Teacher Records on Unsecured Server

    A security lapse in India's Education Ministry's Digital Infrastructure for Knowledge Sharing…

    Security Land Security Land January 26, 2023
    Data Breaches
    Riot Games Suffers Social Engineering Attack
    DevOps
    Data Breaches
    CircleCI Reveals Malware Attack as the Cause of Recent Security Breach, Advises Developers to Rotate Secrets and API Tokens
    Data Breach - Security Land
    Data BreachesEditors Pick
    What You Should Know About Data Breaches
    indian bank data breach
    Data Breaches
    Indian Bank Exposed Millions of Records Online
  • EDUCATION
    Education

    Protecting Your Business: The Importance of Web Application Security

    Sponsored by IntelSenseIntelSense
    Editors PickEducation

    Incident Response Guide for Small Businesses

    Sponsored by IntelSenseIntelSense
    Education

    Protecting Patient Data: The Importance of Cybersecurity in Healthcare

    Sponsored by IntelSenseIntelSense
  • MORE
    • Customize Interests
    • Contact Us
  • BOOKMARKS
Reading: Indian Bank Exposed Millions of Records Online
Share
Security Land
Aa
  • HOME
  • NEWS
  • DATA BREACHES
  • EDUCATION
  • MORE
  • BOOKMARKS
Search
  • HOME
  • NEWS
  • DATA BREACHES
  • EDUCATION
  • MORE
    • Customize Interests
    • Contact Us
  • BOOKMARKS
Have an existing account? Sign In
Follow US
© Copyright 2023 | Security Land from IntelSense.
Security Land > Data Breaches > Indian Bank Exposed Millions of Records Online
Data Breaches

Indian Bank Exposed Millions of Records Online

Security Land
Last updated: 2019/07/24 at 11:24 PM
Security Land
Share
4 Min Read
indian bank data breach
SHARE

On May 26th, Jeremiah Fowler discovered a non-password protected database that contained what appeared to be millions of financial transactions.

Upon further research he was able to connect the data to an Indian based microfinance bank called Jana Cash. He immediately followed a responsible disclosure policy and reported the discovery on a weekend hoping that someone would close access as soon as possible. On May 28th the database was closed and public access was restricted. The Jana Bank security team acted fast and professionally upon receiving my notice. It is unclear how long the data may have been exposed or who else may have had access to it.

Contents
On May 26th, Jeremiah Fowler discovered a non-password protected database that contained what appeared to be millions of financial transactions.How sensitive was the data?

According to their website: “Jana Small Finance Bank, Janalakshmi Financial Services, is headquartered in Bengaluru. It is one of the 10 financial institutions which had received in-principle approval from RBI, in 2015, to set up a Small Finance Bank. Established in Bengaluru in 2008, it went on to become the largest Micro Finance Institution (MFI) in India, and was recognized globally as one of the world’s innovative financial institutions working on the problem of financial inclusion”.

How sensitive was the data?

KYC or Know Your Customer laws require that that users verify who they are. This means users must share their personally identifiable information to comply with the rules. The bad part is the KYC verification information was stored in a publicly accessible database that anyone with an internet connection could access. Jana Bank requires one of the following:

· Aadhaar Card
· Voter Id
· Driver’s License
· PAN Card
· Passport

Here is what is discovered that included the following:

  • This is a Elastic database set to open and visible in any browser (publicly accessible) and anyone could edit, download, or even delete data without administrative credentials.
  • Millions of records including KYC PII client information, wallet ID, usernames, emails, other account and transaction data. 
  • 2.6 Million Users and Transaction Records
  • Internal records other details.
  • IP addresses, Ports, Pathways, and storage info that cyber criminals could exploit to access deeper in to the network.

Microfinance is a growing industry in India where many people do not have bank accounts. Microfinance can provide loans or credit to individuals, small business owners, and entrepreneurs who otherwise would not be eligible in larger banks. The cost of these types of loans and interest rates are generally higher than that on traditional personal loans, but Indian law requires them to be pretty straight forward.

According to a Press Release in 2018:

“Janalakshmi Financial Services has touched the lives of 8 Million+ people over the past 9 years and plans to continue its endeavor towards financial inclusion for the coming years, in the form of a Small Finance Bank”.

Providing loans and credit is important and a valuable service, but this is a wake up call for any organization who collects and stores user or customer data. There is an even higher standard when it comes to financial data because of the increased risk of fraud or theft. India has taken major steps to safeguard the data of it’s citizens in one of the fastest growing digital economies. The Personal Data Protection Bill of 2018 outlines a strict set of guidelines that companies must follow in regards to data protection and data leak reporting. It is unclear if Jana Bank has notified their users or the authorities regarding this data exposure.

 

You Might Also Like

India’s Education Ministry Data Breach Exposes Millions of Student and Teacher Records on Unsecured Server

Riot Games Suffers Social Engineering Attack

CircleCI Reveals Malware Attack as the Cause of Recent Security Breach, Advises Developers to Rotate Secrets and API Tokens

What You Should Know About Data Breaches

More then 700M e-mail addresses with 21M passwords exposed

TAGGED: Bengaluru, database, Indian bank, Jana Small, Jana Small Finance Bank, Janalakshmi Financial Services, Jeremiah Fowler
Share this Article
Facebook Twitter Whatsapp Whatsapp LinkedIn Reddit Email Print
By Security Land
Follow:
Hello. I am Bot created by SL Team.
Leave a comment Leave a comment

Leave a Reply Cancel reply

You must be logged in to post a comment.

Watch Now

- Advertisement -
Ad imageAd image

Trending Stories

PhoneInfoga: Information gathering for phone numbers

April 20, 2019
TLS Certificate for Onion
Dark Web

All You Need To Know About TLS Certificate For Onion Website

June 9, 2021

Meet the LockerGoga Ransomware

March 28, 2019
CybercrimeMalware

Botnet called VPNFilter has hacked 500,000 routers – Patch immediately!

June 1, 2018

Nagios – Traffic monitoring tool and much more

April 22, 2019
ios 13 jailbreak
Video Area

08Tc3wBB presents Jailbreaking iOS 13

May 31, 2021

Always Stay Up to Date

Subscribe to our newsletter to get our newest articles instantly!

I have read and agree to the terms & conditions

Follow US on Social Media

Linkedin Twitter Facebook Instagram Youtube

© Copyright 2023 | Security Land from IntelSense.

Security Land

More from Security Land

  • About Us
  • Privacy Policy
  • Advertise
  • Contact Us
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
SAVE & ACCEPT
physical security
Join Us!

Subscribe to our newsletter and never miss our latest news, podcasts etc.

I have read and agree to the terms & conditions
Zero spam, Unsubscribe at any time.

Removed from reading list

Undo
Welcome Back!

Sign in to your account

Lost your password?