Last Updated on 22/11/2021 by Sunaina
According to cybersecurity company CyberX9, 180 million Punjab National Bank (PNB) clients’ financial and personal information was at risk for almost seven months owing to a weakness in the lender’s computers. According to the FBI, the weakness allowed access to the bank’s full digital banking system as well as administrative control.
Meanwhile, PNB confirmed that its servers had had a problem, but guaranteed that no sensitive data had been exposed as a result. “Customer data/applications are not impacted as a result of this,” PNB said, adding that the “server has been shut down as a precautionary measure.”
“For the last 7 months, Punjab National Bank has been significantly jeopardising the security of cash, personal and financial information of over 180 million (all) of its clients. PNB only became aware of the issue and repaired it after CyberX9 detected it and reported PNB via CERT-In and NCIIPC “Himanshu Pathak, the founder and MD of CyberX9, told PTI.
According to Pathak, the CyberX9 research team uncovered a serious security flaw in PNB that allowed admin access to internal servers, exposing a large number of banks’ systems countrywide to cyber-attacks for the last seven months.
He went on to say that the vulnerability was discovered in an exchange server that is connected to other exchanges and shares all access, including all email addresses, resulting in access to all email addresses.
“We uncovered a weakness in PNB’s exchange servers that allowed us to get the highest degree of admin capability.” If you acquire access to the Domain Controller via an exchange server, the doors to every machine on the network are very readily opened,” Pathak said. He went on to say, “These computers even include those that are utilised in their branches and other departments.”
Meanwhile, PNB stated that the server in question had no sensitive or vital information. The bank refuted CyberX9’s allegation that the vulnerability posed a threat to consumer data.
“The server where the vulnerability was discovered was one of several Exchange Hybrid servers that were used to transport emails from On-prime to Office 365 Cloud.” “This server contains no sensitive or important data,” PNB said.