Archived customer data of Indian private and public sector banks, from SBI to HDFC and ICICI, has been made available on the dark web, researchers told The Cyber Express. According to researchers at Cyble Research and Intelligence Labs, the data is suspected to have been leaked from one of the Bank Mitra scheme websites.
On October 23, 2022, a threat actor using the alias ei_mUZAFFER posted on the dark web marketplace Breached, claiming to have data leaked from the portal bankmitra.csccloud.in. The researchers who analyzed the data found it to be genuine. However, the source of the leak is yet to be verified.
Curiously, the data dump has information specifically from merged banks such as State Bank of Travancore, which indicates that the dump is part of archived data.
Bank Mitra is an agency position created to facilitate India’s inclusive banking project, Pradhan Mantri Jan Dhan Yojana (PMJDY), which was launched in 2015. The leaked data assessed by Cyble included data from banks such as State Bank of Hyderabad, which was merged into State Bank of India in 2017. There was a separate list for State Bank of India too.
The data leak appears similar to the infamous Aadhaar breach and the Swachh City platform leak. In the latter, a threat actor who goes by LeakBase, Chucky, Sqlrip, and Chuckies on various underground forums released a massive trove of databases containing the PII of 16 million Indians who use the Swachh City platform, an initiative of the Indian government’s Ministry of Housing and Urban Affairs.
Similarly, in August 2022, Cyble Research issued an advisory about an ongoing financial fraud scheme. The scheme has apparently been duping and scamming rural consumers in India in the name of Customer Service Point, a.k.a. Bank Mitra. Trusting customers were at risk of being duped by fraudulent CSP business correspondents, the Cyble research team found.
Disclaimer: The Cyber Express has not verified the data dump and the legitimacy of the breached websites. More information will follow.