re: Massive data breach @ State Bank of India From the data available in the link (techcrunch), what appears to have happened is this :
1. The server containing customer account balance / transaction details had been accessed. It is likely that the (partly masked) customer account numbers, mobile numbers, transaction details could have been exposed.
2. The server was probably handling the USSD (Unstructured Supplementary Service Data) services of SBI customers and hence the likelihood of storing customer credentials (password, login ids etc.) appear to be unlikely.
How this data will get used is an unanswerable (to me, atleast) - because, with this data fraudster can easily convince gullible SBI customers that the calls are authentic by sharing transaction details, which many will presume that only the bank knows.
Incidentally, the site stated in the news is Data Center of SBI at Belapur (Mumbai). Hope that leak was restricted to only this particular server and is well firewalled from other core applications.
SBI customers, as a matter of precaution, would do well to change their debit card pin, mobile & net banking passwords immediately. |