SBI Denies Data Breach, Says Servers, Customer Data Fully Secure
Customers queue up outside an SBI branch in New Delhi. (Photograph: Anindito Mukherjee/Bloomberg)

SBI Denies Data Breach, Says Servers, Customer Data Fully Secure


The nation's largest lender State Bank of India on Friday denied reports that its servers were compromised last week and assured that all its customer data continues to remain safe and secure.

According to a news item published by the U.S.-based TechCrunch, SBI has some unprotected servers which grant access to the financial information of its millions of customers to anyone looking for it. The report, however, did not quantify how many of the SBI's over 42.2 crore customers were hit.

SBI said that it has thoroughly investigated the matter after it was brought to the notice. "Our investigation has revealed that our servers are fully protected and there was no breach at all," the bank tweeted on Friday and assured that data of all its customers are safe and secure.

TechCrunch report had claimed that the SBI servers stored two months of data from SBI Quick, a service which involves banking by giving a missed call or sending an SMS. It said the bank did not protect the server with a password, making access to customers data open to anyone looking for it.

The bank said the incident under question relates to a service in which account information is quickly made available to a customer through an ongoing SMS service after taking care to mask account details so that customer data is protected.

The masking in any case ensures that there is a basic protection for the customer data. The process uses services of telecom companies and aggregates who have experience in the field and there are strict protocol are set up for these players.

"The investigation has revealed that there was a mis-configuration or lacuna in their process that arose on Jan. 27 and was subsequently rectified," the bank said.

The lender further said it is doing everything possible to ensure that no such weaknesses remain in the process used by the service providers that it uses for its various services.

"We would like to once again assure our customers that protection of their personal data and our IT systems and processes are of paramount importance to us and we will leave will no stone unturned in ensuring this," the bank said.

Also read: Q3 Results: SBI’s Profit Beats Estimates, Asset Quality Improves

BQ Install

Bloomberg Quint

Add BloombergQuint App to Home screen.