Massive personal info leak from online banking portal

IDs, cancelled cheques & other details of 1L Indians breached, finds firm

Published: 11th August 2021 07:12 AM  |   Last Updated: 11th August 2021 07:12 AM   |  A+A-

Hacking, Cyber Crime, Spyware

For representational purposes

Express News Service

KOCHI: Kochi-based cybersecurity firm Technisanct has unearthed a major personal identifiable information (PII) leak in which hackers have targeted an online banking platform. The PII details of over one lakh Indian nationals with copies of their Aadhaar card, PAN card and cancelled cheques have been found leaked and available for sale in a hackers’ forum.

According to Nandakishore Harikumar, founder and CEO of Technisanct, his team has found 360 GB of content having around 11 lakh files with PII of over one lakh Indian citizens in the notorious hackers’ platform named Raid Forum. The hacker, who has leaked the data, has offered it for sale demanding $25,000.

“The data is leaked from an online banking platform which collected KYC details in the e-format. We suspect the hackers made use of the vulnerability of cloud data storage of the banking platform. We expect the online banking firm to identify the security breach and take required action. The leaked PII was of the 2018-2021 period. Interestingly, the Supreme Court has barred private entities from collecting Aadhaar for e-verification since 2018,” he said.

Technisanct recently detected a similar data breach from Tamil Nadu public distribution system, in which 65 million Aadhaar card numbers stored without encrypting these were found leaked in hackers’ forums. However, the agency which maintains the data denied the breach.

An official with the Cyberdome of Kerala Police said even when a massive cybersecurity breach happens, the companies refuse to complain fearing the impact on their reputation. “No company comes forward to report cyber attacks these days, often making enforcement agencies helpless in taking action. Apart from lodging complaints on time, there should be regular cybersecurity audits which must include identification of any cyberattack and breach. Having secure firewalls alone won’t prevent cyber attacks,” the police official said.


Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on are those of the comment writers alone. They do not represent the views or opinions of or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp