It seems that dark days of Punjab National Bank (PNB) is not going to end sooner, a massive data breach has been reported by The Asia Times.
Security experts believe that the incidence has allegedly compromised sensitive data of more than 10,000 credit and debit card users.
The compromised information includes names, expiry dates, personal identification numbers and card verification values, and all these data has been available for purchase (at $4.90 per card) on a website for at least three months.
The breach was uncovered by a Singapore based cybersecurity company, CloudSek Information Security, that keeps a close watch on every data transactions. While the Hong Kong-based publication reported that this information has been available for sale on the internet for three months.
Sasi, Chief Technical Officer of CloudSek, in his statement to Asia Times said, "We have a crawler that is deployed in the dark/deep web. These are sites on the internet which are not indexed by Google or other major search engines. They are used to buy and sell sensitive data illegally."
He further added, "Our crawler detects any such data and sends it to a Machine Learning software that we have created. If this detects anything that is suspicious, and of interest to our clients, we immediately take action."
Investigators are still trying to determine how the breach occurred.
"Usually these sites on the deep/dark web build up reputations on the authenticity of the data they sell illegally. This particular site has a very good reputation. They offer a sample size to buyers to establish their credentials before the sale is made. In this case, they were offering to sell the data at US$4.90 per card," he reported.
However, there wasn’t enough information yet to be certain how the leak had taken place.
Security experts believe that the incidence has allegedly compromised sensitive data of more than 10,000 credit and debit card users.
The compromised information includes names, expiry dates, personal identification numbers and card verification values, and all these data has been available for purchase (at $4.90 per card) on a website for at least three months.
The breach was uncovered by a Singapore based cybersecurity company, CloudSek Information Security, that keeps a close watch on every data transactions. While the Hong Kong-based publication reported that this information has been available for sale on the internet for three months.
Sasi, Chief Technical Officer of CloudSek, in his statement to Asia Times said, "We have a crawler that is deployed in the dark/deep web. These are sites on the internet which are not indexed by Google or other major search engines. They are used to buy and sell sensitive data illegally."
He further added, "Our crawler detects any such data and sends it to a Machine Learning software that we have created. If this detects anything that is suspicious, and of interest to our clients, we immediately take action."
Investigators are still trying to determine how the breach occurred.
"Usually these sites on the deep/dark web build up reputations on the authenticity of the data they sell illegally. This particular site has a very good reputation. They offer a sample size to buyers to establish their credentials before the sale is made. In this case, they were offering to sell the data at US$4.90 per card," he reported.
However, there wasn’t enough information yet to be certain how the leak had taken place.