The hacker behind the HDFC Bank subsidiary breach was also behind the Acer Inc. data breach that took place a couple of days ago.
A hacker using the alias Kernelware has leaked 7.5 GB of customer data belonging to HDB Financial Services, a subsidiary of India’s largest private bank, HDFC Bank.
It is worth noting that Kernelware is the same hacker who breached Acer Inc. and leaked 160 GB worth of data on a hacker forum just a few days ago. Acer has now confirmed the breach.
As for the HDFC’s breach, the data was posted on the hacker forum ‘Breached forum’ and contains over 72 million entries. For your information, Breachforums is an infamous forum that surfaced as an alternative to the popular and now-seized Raidforums.
Leaked Data
As analysed by Hackread.com, the leaked data includes personal information such as full names, dates of birth, phone numbers, and email addresses. It also contains employment information, loan details, transaction methods, processing fees, bank names and branches, credit scores, and Experian scores.
Other data leaked include dealer names, transaction logs, margin money logs, general asset logs, LOS IDs, loyalty card numbers, employee codes, and other miscellaneous information. The leak has raised concerns about data privacy and the need for stronger security measures to protect sensitive customer information.
While HDFC Bank denies any data leak from their end, analysis reveals that the data belongs to HDB Financial Services, and the leaked data was of HDB’s consumers who had applied for loans between May 2022 and February 2023.
HDB Financial has confirmed the company experienced a cybersecurity-related incident and investigations are underway. The Indian Computer Emergency Response Team (CERT-IN) is also aware of the issue.
The leak of such a large amount of sensitive customer data has raised concerns about data privacy and cybersecurity. The incident highlights the importance of robust security measures to prevent unauthorized access to customer data. Companies need to take steps to secure their systems and ensure the safety of customer information.
The latest data breach comes just weeks after the RailYatri hack, in which the personal details of over 31 million travellers were leaked online.