BackHDFC Bank's NBFC arm confirms data leak of customers
The hacker uploaded the sample data and claimed that the leak contains 73 million entries
PremiumOn Monday, a hacker with the alias 'Kernelware' posted 7.5 GB of customer data to the hacker forum 'Breached.vc', potentially belonging to HDB Financial Services, a subsidiary of India's largest private bank HDFC Bank.
The hacker uploaded the sample data and claimed that the leak contains 73 million entries which includes, customer full name, date of birth, age, phone number, email, marriage status, gender, residence address, employment information, loan application information, transaction method, processing fees, credit score, dealer name, transaction logs, general asset logs (cost, model etc), LOS ID, loyalty card numbers, among others.
The released data looked like customer loan data, which also included details such as whether the loan was processed or rejected.
In a response to a Mint query, HDFC Bank categorically denied any data leak from their end. “Please note that there is no data leak at HDFC Bank and our systems have not been breached or accessed in any unauthorised manner," the bank said in its statement.
However, by looking at the data samples it has been observed that the data belonged to HDB Financial Services, an NBFC arm of HDFC Bank. And, the leaked data was of HDB’s two-wheeler and consumer durable loans from the period between May 2022 and February 2023.
While HDFC Bank has been maintaining its stand that its systems are secure, HDB Financial has confirmed that there was an incident at “one of our service providers who processes some of our customer information."
Responding to a Mint query, HDB Financial stated, “We have taken immediate steps to secure the service provider’s system to prevent any further unauthorized access. In addition, we are conducting a thorough review of the security measures adopted by the service provider to prevent similar incidents from happening in the future."
“We have also notified the regulator and CERT-IN and we are working with them to investigate this incident to the fullest," HDB Financial added.
The NBFC, however, did not reveal who the service provider was. But according to industry sources, the leak happened at a loan aggregation company Lentra.ai. Interestingly, HDFC Bank is one of the early investors in Lentra.ai.
A Lentra spokesperson said that, “Some reports have surfaced about an incident of data leak with one of our clients. While the investigation is ongoing, preliminary analysis shows that only a minor part of single client reporting data has been compromised, and does not include customer banking data. We want to state that this is due to unauthorized access and there is no breach on our lending platform, nor ransomware or malware. To resolve the leak, we are working with regulators as well as the cyber police. Our commitment to ensuring data security on our platform is unwavering."
During FY22, HDB Financial Services’ AUM stood at ₹61,444 crore. The NBFC reported ₹11,306 crore in revenues, and the profits stood at ₹1011 crore.
Unlock a world of Benefits! From insightful newsletters to real-time stock tracking, breaking news and a personalized newsfeed – it's all here, just a click away! Login Now!
