PNB server vulnerability exposed personal and financial details of 180 million customers

Vulnerability in Punjab National Bank's server allegedly exposed the personal and financial details of its around 180 million customers for around seven months, cyber security firm CyberX9 said.

The cyber security consultancy company has claimed that the vulnerability gave access to the entire digital banking system of the bank with administrative control. Meanwhile, PNB has confirmed the snag but refuted any exposure of crucial data owing to vulnerability.

"Punjab National Bank kept severely compromising the security of funds, personal and financial information of over 180 million (all) its customers for about the last 7 months. PNB only woke up and fixed the vulnerability when CyberX9 discovered the vulnerability and notified PNB through CERT-In and NCIIPC," CyberX9 founder and MD Himanshu Pathak told reporters recently.

Pathak said that vulnerability was found in an exchange server that is interconnected with other exchanges and shares all access -- including access to all email addresses which results in access to all email addresses.

"The server wherein the vulnerability was reported, was being used as one of the multiple Exchange Hybrid servers used to route emails from On-prim to Office 365 Cloud. There is no sensitive/critical data in this server," PNB said.