SBI denies data breach, says servers and customer data fully secure
SBI said that its investigation revealed its servers are fully protected and there was no breach at all, assuring that its customer data is safe and secure.
The nation's largest lender State Bank of India (SBI) on Friday denied reports that its servers have been compromised last week and assured that all its customer data continue to remain safe and secure.
According to a news item published by US-based TechCrunch, SBI has some unprotected servers which gave access to the financial information of its millions of customers to anyone looking for it. The report, however, did not quantify as to how many of SBI's over 42.2 crore customers were hit.
SBI said it has thoroughly investigated the matter after it was brought to the notice.
"Our investigation has revealed that our servers are fully protected and there was no breach at all," tweeted the bank on Friday and assured that data of all its customers are safe and secure.
TechCrunch report had claimed that the SBI servers stored two months of data from SBI Quick, a service which involves banking by giving a missed call or sending an SMS. It said the bank did not protect the server with a password, making access to customers data open to anyone looking for it.
The bank said the incident under question relates to a service in which account information is quickly made available to a customer through an ongoing SMS service after taking care to mask account details so that customer data is protected.
The masking ensures that there is basic protection for the customer data. The process uses services of telcos and aggregates who have experience in the field and there are strict protocol are set up for these players.
SBI said, "The investigation has revealed that there was a misconfiguration or lacuna in their process that arose on January 27 and was subsequently rectified."
The lender further said it is doing everything possible to ensure that no such weaknesses remain in the process used by the service providers that it uses for its various services.
"We would like to once again assure our customers that protection of their personal data and our IT systems and processes are of paramount importance to us and we will leave will no stone unturned in ensuring this," the bank said.