Punjab National Bank has refuted claims made in a cyber security firm's report that the bank's millions of clients' personal data were accessed owing to a system flaw. A report from the cyber security firm Cyberx9 was picked up by a number of news publications.
"It is an established fact that hackers regularly attempt to penetrate every and all Internet-facing systems anywhere in the world. PNB has implemented stringent security controls in all our ICT systems. The reported attempt of the perpetrator was monitored and checked," the statement said.
The bank further stated that it has implemented data leak prevention technologies that prevent any unauthorised data from being transferred over email, and that the specified zone does not allow anyone, including its own employees, illegal access.
"At the security operation centre, professional personnel monitor the ICT systems 24 hours a day, seven days a week." The data is encrypted in transit and at rest using proprietary methods, according to the statement.
"Our customers are very valuable to us. We assure our all customers that PNB, your bank, will strive hard to keep your personal data highly confidential meeting to the best possible standards. Towards this, PNB will always be at the forefront to implement the best available resources to implement the best security controls to secure the Information of our all customers," the bank said.
After cyber security firm CyberX9 claimed that the personal and financial information of 180 million clients was exposed for nearly seven months, the bank issued a statement clarifying the situation.
For the previous seven months, CyberX9 discovered a serious security flaw in PNB that allowed admin access to internal servers, exposing a large number of banks' systems across the country to cyber-attacks.
The bank claimed in a four-point clarification message released on Twitter that it had verified all information systems connected to the bank's server and found no data breach as described in the story.
According to the Cuberx9 report, the bank did not completely refute the attempted hacking or vulnerability.
Important Announcement, take note👇 pic.twitter.com/JLgmd0RkDs— Punjab National Bank (@pnbindia) November 22, 2021