Security News > 2021 > November > Indian bank smacks down allegation it exposed 180 million customers' accounts

Indian bank smacks down allegation it exposed 180 million customers' accounts
2021-11-23 01:58

India's Punjab National Bank has smacked down a security firm's allegation that it exposed personal and financial data of its 180 million customers - but appears to have admitted its Exchange Server implementation wasn't in tip-top shape.

In the same report, the Bank admitted that it uses Exchange, but the allegedly unpatched servers were only used to route mail to Office365 and contain no sensitive data.

In a notice pinned to its home page, and the MoneyControl report, the Bank has also stated that its core banking systems, and customer data, are isolated from the infrastructure exposed by the vulnerability.

The notice also explains that the Bank employs data loss prevention tools that "Prevent any unauthorized data to be sent through emails".

CyberX9 has called for a public audit of the Bank to reassure customers.

The Register has contacted CyberX9 and the Bank for comment, and will update this story if we receive meaningful responses.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/11/23/punjab_national_bank_cyberx9_exchange_allegation/