Excerpt from CybersecurityNews Article, Published on Apr 29, 2024
ICICI Bank, a prominent private bank in India, has confirmed a significant data breach resulting in the exposure of sensitive credit card information belonging to thousands of customers.
The breach, attributed to a technical glitch in the bank’s mobile banking application, iMobile Pay, led to the erroneous mapping of approximately 17,000 new credit cards to the wrong users. Customers first noticed unfamiliar credit card details within the app, including full card numbers, expiration dates, and CVVs – crucial information for financial transactions. This breach allowed users to access and potentially adjust settings for the affected cards, such as enabling foreign transactions or altering spending limits, posing a serious security risk.
An ICICI Bank spokesperson addressed the issue, stating, “The affected cards represent about 0.1% of ICICI Bank’s credit card portfolio.” The bank swiftly responded by blocking the impacted cards and initiating the issuance of new ones to affected customers. Expressing regret for the inconvenience caused, the spokesperson reiterated the bank’s commitment to safeguarding the security and privacy of customers’ financial information. ICICI Bank has assured affected customers of appropriate compensation for any financial losses incurred due to the breach.
Customer complaints about the data exposure surfaced on social media platforms and financial forums, raising concerns about the bank’s security protocols and the efficacy of measures to prevent such breaches. One user shared their experience on a forum, expressing the gravity of the situation: “I have access to someone else’s Amazon Pay CC due to a security glitch on the iMobile app. Although OTP restricts domestic transactions, but I can do international transactions using the details from the iMobile app.”
This incident underscores the importance of robust security measures and effective oversight to safeguard sensitive financial data in an increasingly digital landscape.
To delve deeper into this topic, please read the full article on CybersecurityNews
