An individual using the moniker “Kernelware” posted 7.5 GB of client data on Monday to the hacker forum “Breached.vc,” which may have belonged to HDB Financial Services, a division of HDFC Bank, India’s largest private bank.
In addition to the customer’s full name, date of birth, age, phone number, email, marital status, gender, home address, employment information, loan application information, transaction method, processing fees, credit score, dealer name, transaction logs, general asset logs (cost, model, etc.), LOS ID, and loyalty card numbers, the hacker uploaded a sample of the data and claimed that the leak contains 73 million entries.
The disclosed information resembled client loan information, which also included specifics like whether the loan was approved or denied.
HDFC Bank unequivocally denied any data loss from their end in response to a Mint inquiry. Please be aware that HDFC Bank has no data leaks and that no unauthorised access has been made to our systems “the bank added in its statement.
However, it was discovered by looking at the data samples that the information belonged to HDB Financial Services, an NBFC division of HDFC Bank. Additionally, the information exposed related to two-wheeler and consumer durable loans made by HDB between May 2022 and February 2023.
HDB Financial has stated that there was an incident at “one of our service providers who processes some of our customer information,” despite HDFC Bank continuing to maintain that its systems are secure.”
According to HDB Finance, in response to a Mint inquiry, “We have taken immediate actions to safeguard the service provider’s system to prevent any further unauthorised access. In order to stop such occurrences from happening in the future, we are also carefully reviewing the security measures implemented by the service provider.”
“We have also informed the regulator and CERT-IN, and we are collaborating with them to conduct a thorough investigation into this event, “Added was HDB Finance. Reference: LiveMint