Indian Banks customer data leaked through Bank Mitra website
Recently a threat actor was discovered who is advertising the data belonging to the Bank Mitra scheme of the Common service center scheme of the Indian government website. The objective of the Common service center (CSC) is to deliver essential public utility services, social welfare schemes, healthcare, education, healthcare, and financial services to Indian citizens. The role of the Bank Mitra scheme is to cater to financial services under CSC.
As per the sources, this breach was discovered on 23rd October 2022 where more than 750K records have been compromised including the Name, Bank name, Phone number, and Pan number of multiple partner banks of the scheme website Bank Mitra. As per the threat actor, the data was compromised from the domain of the Bank Mitra ID card page which the partners use to download ID cards.
The Common Services Centers (CSC) Scheme is being implemented across the country under the Digital India initiative by the Department of Electronics and Information Technology (DEITY), Ministry of Communications & Information Technology, Government of India. The aim of the Scheme is to provide sustainable digital access to make e-governance services for the upliftment of the rural community. The CSC Scheme is a strategic cornerstone of the Digital India initiative of the Government of India.
See more: Daixin team- A ransomware group targeting healthcare industries
The leaked PII could enable threat actors to orchestrate social engineering schemes, phishing attacks, and even identity theft on the victims of the leak. The compromised victims may receive fraudulent SMS with malicious attachments disguised with viruses, malware, or more, enabling the attacker to acquire the victim’s device, in turn leading to further breaches of sensitive data such as Bank PIN number, crypto wallet passcodes or phrases, social media credentials, and much more.
The compromised data set comprises a total of 10 CSV extension files dated between the years 2020, 2021, and 2022. A Total of 752K lines of data was present in all the CSV files combined containing PII (Personal Identifiable Information) of the banking customers with a list of India-based banks.
See more: Airline Argentina passenger data has been compromised
Follow on Facebook: Latest Hacking Updates