According to a report in CyberNews, the leak happened due to misconfiguration in the bank’s system. The report states that the leaked data was stored in New York-based cloud service provider Digital Ocean.
leaked information
The publicly accessible information reportedly included “bank account details, credit card numbers, full name, date of birth, home address, phone number and email.” The report said that information like customer’s passport details, ID and PAN details were also leaked in the breach.
Information about ICICI Bank employees was also leaked and included CVs of current employees and job candidates. If such sensitive data falls into the wrong hands, the loss is irreparable.
The data leak was first discovered by the CyberNews research team on February 1, after which they informed ICICI Bank and the Indian Computer Emergency Response Team (CERT-IN). The issue was then fixed and access to the leaked information was completely restricted until March 30, the report said.
ICICI Bank, on the other hand, denied the data breach saying that no such incident had taken place, as per a report at, Initial reports of the data breach have also been removed, and with ICICI Bank denying the incident, we cannot confirm whether any data was leaked. The bank issued a four-point statement on the incident, which reads as follows:
1. The Bank does not own or manage the above URL. So, as mentioned in the article, there is no question of misconfiguration on the part of the bank.
2. The four documents found in the URL appear to have been uploaded by individuals as collections. These do not compromise the security of any account.
3. Since the documents contained the name of the bank, we took steps to bring down the URL.
4. There is no evidence of the availability of 3.6 million files with customer data, as stated in the article.
However, independent researchers argue that the leaked information appears to be legitimate, and is not limited to ICICI only. “The compromised bucket contains information related to several other companies. I am not sure why the researchers have singled out ICICI.
