According to a report from cybersecurity company CyberX9, 180 million Punjab National Bank (PNB) customers’ financial and personal data was in danger for almost seven months owing to a flaw in the bank’s servers. According to the agency, the vulnerability allowed access to the bank’s entire digital banking system as well as administrative control.
“Our research team discovered a very critical security issue in Punjab National Bank (PNB) on 17th November 2021, which was leading to access to highest level privileges of administrator in an internal server of PNB hence exposing a massive number of PNB’s systems nationwide wide open to the whole internet for cyber attacks for the last ~7 months.”
Meanwhile, PNB said that its servers had a problem but guaranteed that no sensitive data had been exposed because of it. Customer data/applications are unaffected, according to PNB, and the server has been shut down as a precaution.
The CyberX9 research team uncovered a severe security flaw in PNB that allowed admin access to internal servers, exposing many banks’ systems countrywide to cyber-attacks for the last seven months.
The flaw was discovered in an exchange server connected to other exchanges and shares full access, including access to all email addresses, resulting in all email addresses being accessible.
Meanwhile, PNB stated that the server in question had no sensitive or vital information. The bank refuted CyberX9’s allegation that the vulnerability posed a threat to consumer data. PNB said that the server where the issue was found was one of several Exchange Hybrid servers that routed emails from On-Premise to Office 365 Cloud. This server contains no sensitive or essential information.
The vulnerability was patched on November 19, according to CyberX9, and the issue was reported to the Indian cyber security authority Cert-In and the National Critical Information Infrastructure Protection Centre (NCIIPC).