State Bank of India, India’s largest bank was entangled in a ruckus this week after a report revealed that millions of customer data stored with SBI must have been exposed. The report suggested that SBI forgot to secure a key server hosting sensitive customer information like bank balance, name, and other personal and account data in one of its Mumbai installations. SBI has been silent post the incident. The bank has finally responded by saying that the glitch now been fixed from their side.
In an official statement on Friday State Bank of India noted, “SBI would like to assure all its customers that their data is safe and secure and SBI is fully committed to ensuring this.” In the same statement, the bank also noted that they use a process to mask customers account details. SBI said that they user “the services of telecom providers and aggregators.” “Investigation has revealed that there was a misconfiguration or lacuna in their process that arose on January 27 and was subsequently rectified,” the statement further added. The bank also revealed that its servers remain to be secure and that there had been no breach.
So what exactly happened?
A report by the U.S.-based TechCrunch news website on Wednesday revealed that SBI secured an unprotected server that possibly would have allowed anyone to access information on millions of its customers. The report further revealed that the glitch in the server must have revealed some crucial personal as well as financial information for millions of users like bank balance, back account details, name, contact details, among other things. The report noted, “the bank had not protected the server with a password, allowing anyone who knew where to look to access the data on millions of customers’ information.”
The server that was hosted in a Mumbai-based datacenter reportedly stored data from SBI Quick, a text message and call-based system used by the bank to request basic information about their bank accounts by SBI customers, the same report noted. “SBI Quick – MISSED CALL BANKING is a free service from the Bank wherein you can get your Account Balance, Mini Statement and more just by giving a Missed Call or sending an SMS with pre-defined keywords to pre-defined mobile numbers from your registered mobile number. Please ensure that your mobile number is updated in your account to be able to register for this service,” explains SBI on how SBI Quick works.