Critical personal information of 180 million Punjab National Bank (PNB) customers was at risk for around seven months due to a vulnerability in servers, a report stated.
As per CyberX9, the vulnerability provided access to the entire digital banking system of PNB with administrative control. The bank confirmed the glitch but denied any exposure of critical data due to the vulnerability of servers.
PNB stated that the "customer data/applications are not affected due to this" and that the "server has been shut down as a precautionary measure."
CyberX9 founder and MD Himanshu Pathak alleged that Punjab National Bank kept compromising the security of funds, personal and financial information of over 180 million customers for about the last 7 months.
PNB fixed the vulnerability after CyberX9 discovered the vulnerability and notified PNB through CERT-In and NCIIPC.
Pathak said that CyberX9 research team discovered security issue in PNB which was leading to access internal servers, thus, exposing a massive number of banks' systems nationwide open for cyber-attacks for the last about seven months.
He also said that vulnerability was found in an exchange server which was interconnected with other exchanges and shares all access. It included access to all email addresses which results in access to all email addresses.