In recent weeks, India has witnessed a surge in cyber attacks targeting major banks and insurance companies, leaving companies like SBI, Kotak Mahindra Bank, and Turtlemint as victims. The growing threat of these attacks poses risks not only to financial institutions but also to the security of customer data, credit card information, and KYC details.
An Organized Ecosystem of Hacking and Fraud
Experts in the banking sector are gravely concerned about the alarming rise in cyber attacks. Sulochana Desai, a seasoned banking expert, highlighted that when hackers successfully penetrate a bank or financial institution's system, they can directly exploit it to steal money, credit card data, KYC documents, and other sensitive information. These stolen details are then sold to individuals engaged in fraudulent activities, who, in turn, create fake accounts and cheat unsuspecting customers. The increasing prevalence of cyber attacks indicates the existence of a well-organized ecosystem of hacking and fraud, further compounding the risks for financial institutions and their customers.
Recent Attacks on Major Institutions
The month of July has seen significant cyber attacks on major Indian financial entities, raising concerns about data security and privacy breaches:
1. Kotak Mahindra Life Insurance - July 4
The notorious Clop ransomware group released sensitive data, including names, addresses, and mobile numbers, of 57,000 pre-existing employees and other financial partners and customers of Kotak Mahindra Life Insurance. This breach posed a significant risk of identity theft and fraudulent activities.
2. Turtlemint - July 11
Turtlemint, an insurance platform, suffered a data leak that exposed car insurance information, including email IDs, policy numbers, names, and vehicle details of more than 1.9 million customers. This large-scale breach raised concerns about the safety of personal information and the potential misuse of customer data.
3. State Bank of India (SBI) - July 8
A data leak on Telegram channels compromised the personal information of over 12,000 SBI employees, including names, addresses, contact numbers, passbooks, Aadhaar cards, and PAN numbers. Such leaks can lead to identity theft and fraudulent activities targeting bank employees and customers.
4. IDFC First Bank - April and July
A database containing sensitive employee information from IDFC First Bank appeared on a Russian hacker forum in April, intending to be sold for a price. Subsequently, in July, the same data resurfaced on other platforms, highlighting the persistence of cyber threats.
The Need for Robust Cybersecurity Measures
Yash Kadakia, the founder of IT security solution provider Security Brigade, emphasised that the banking, finance, and insurance sectors are indeed investing heavily in security. However, the prevalence of cyber attacks demonstrates that more than investing in cybersecurity measures is required. Cyber attackers are adept at finding vulnerabilities and loopholes in systems, making it crucial for financial institutions to adopt a proactive approach to cybersecurity.
As cyber threats continue to evolve, banks and insurance companies must strengthen their cybersecurity infrastructure and prioritise the protection of customer data. Collaborative efforts between the government, financial institutions, and cybersecurity experts are vital to combat these threats effectively and ensure the safety of India's financial landscape.