SBI Data Leak: What can you do to stay protected?
Just a few hours ago, India's largest financial institution, the State Bank of India, was found exposing customer data from an unprotected server. The bank, as we reported, inadvertently leaked information of millions of customers, including their bank balances, recent transactions, phone numbers. This has raised alarms regarding account security, but worry not, there are ways to stay protected. Let's take a look.
According to TechCrunch, one of the servers at SBI's Mumbai-based data center was left without password protection. It was associated with the back-end database of SBI Quick, the call and text-based service that allows customers to get account updates on their phones. As such, the server exposed messages sent to customers in real time and the information they carried - balances, transactions, mobile numbers.
In their investigation, TechCrunch found two months' worth of SBI Quick messages being exposed through the server. This archived data had millions of messages; in fact, some three million messages were sent on Monday alone.
Going by the report, the leak may have compromised above-mentioned information and partial account numbers of SBI customers. Though this doesn't pose a direct threat to account security, it could open gates for fraudsters, who might use leaked phone numbers and balance details to target people with high account balances. In essence, this could lead to a rise in social engineering attacks, frauds.
Social engineering is one of the most common attack vectors for financial fraud in India. Cybercriminals reach their targets via calls or texts and trick them into divulging confidential information, like login and passwords for net banking. They might claim to be an SBI employee (by telling your balance) and offer lucrative deals to manipulate you into giving away your account details.
In order to avoid such attacks, never give your banking details to anybody on call, even if the person claims to be a legit bank employee. Also, if there are any questions, visit the bank in person for answers and make sure your account and the money in it is fully secured. Finally, never open links or agree to pay for a free deal/offer.
You cannot control security defenses at SBI's end, but you can definitely make sure that your account is fully secured. For this, update its password from time to time and keep a tab on your finances.