A data security scandal has hit India's largest public sector bank after a media report claimed that State Bank of India left a server with banking data (bank balances, recent transactions) of its customers unprotected for two months. SBI has now secured the server.
According to a report by Techcrunch, the server which is hosted in a regional Mumbai-based data centre, stored two months of data from SBI Quick meant for users to request basic info about their bank accounts via a text message or on a call.
The report goes on to point how the bank's server was not password-protected, allowing anyone with the technical know-how to access the data of millions of customers' information. According to Google Playstore, there have been 10-million-plus installs of the SBI Quick app.
Techcrunch claimed the passwordless database allowed them "to see all of the text messages going to customers in real time, including their phone numbers, bank balances and recent transactions".
TechCrunch verified the authenticity of the server by asking an India-based security researcher to use SBI Quick and within seconds, his number, as well as the bank's response, were available on the compromised server.
The report says the server revealed that the bank sent over three million text messages to its consumers on a single day - Monday - itself.
SBI Quick offers an easy way to its consumers to get basic information about like their account balance, mini statement, cheque book, and more with the bank.
India's largest public sector bank with a $47.5 billion revenue stood 216th in the last Fortune 500 list of the world's biggest corporations.