Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Alleged HDFC Bank subsidiary data breach: The inside story

Alleged HDFC Bank subsidiary data breach: The inside story

Alleged HDFC Bank subsidiary data breach: The inside story

The recent alleged HDB Financial Services data breach has come in at a time when breaches and hacks are assuming a common place stature. A bank data breach continues to raise brows – and understandably so since the BFSI is a highly regulated domain.

Here are some insights into the alleged breach, brought to you exclusively by ETCIO

On March 6, 2023, a Dark Web monitoring company identified a post on BreachForums, where the threat actor kernel ware leaked the database allegedly belonging to HDFC Bank. While TA quoted the impacted organization as HDFC Bank, our overall analysis indicates that the leaked data was stolen from its subsidiary, HDB Financial Services Limited (HDBFS). It is worth mentioning that our research has found its association with data leak by the threat actor being tracked as CRIL-TA73.

Upon further verification, we found that a few of the datasets from the subject leak were consistent with the records leaked by the threat actor tracked as CRILTA73, which were stolen from a subdomain hosted by the GoNoGo service portal created by Lentra Pvt Ltd. This led us to believe with a high degree of confidence that the TA kernel ware shares a close association with CRIL-TA73 and likely exploited the aforementioned subdomain behind the GoNoGo portal by Lentra, exposing the subject customer data from HDBFS,” a source has told ETCIO.

This claim could not be independently verified.

So, the data breach that has now become the talk of the town is not of HDFC Bank but of a subsidiary. Many people are even relating the recent KYC scam with this data breach.

Alleged HDFC Bank subsidiary data breach: The inside story

“I have downloaded the 8 GB of database and all data is only from HDB Financial services. Now let’s assume, this is just a partial data because there is data of other banks too. So according to me there could be two scenarios:

1. Only Data of HDB Financial services is breached from HDB Financial services portal.
2. Data of all banks are breached via Lentra. (I have no info on this). In this case, Lentra must provide a clarification,” says Ritesh Bhatia, a cybercrime and forensics investigator and a cybersecurity and data privacy consultant.

The certified fraud examiner goes on to provide proof of his statement.

Alleged HDFC Bank subsidiary data breach: The inside story

 

Alleged HDFC Bank subsidiary data breach: The inside story

“You see every file name begins or ends with HDB,” adds Bhatia.

Alleged HDFC Bank subsidiary data breach: The inside story

“This is another case which we were discussing as part of the CISO responsibilities. So not just our systems, we also need to make sure every third party software we use or every vendor product we integrate with our system also have to follow the same standard of security and vulnerability measures. We also need to make sure our Dev, SIT and UAT environments also go through similar types of assessments,” says Sunil Mishra, CIO/CTO, Kotak Securities.

What does the HDFC Bank say?

Alleged HDFC Bank subsidiary data breach: The inside story

“There is no leak with the HDFC bank . The leak appears to be with the third party processing loans associated with our subsidiary,” Sameer Ratolikar, CISO, HDFC Bank has told ETCIO.

“I believe that HDFC Bank and it’s sub HDBFS are legally separate companies. Therefore, their authentication and authorisation services would also be on different domains and networks even if managed by a common vendor,” says Sudin Baraokar, Global IT and Innovation Advisor.

The final verdict

“The data is definitely not of HDFC Bank but of its subsidiary HDB Financial Services and the trending kyc messages scam has nothing to do with this breach. It’s merely a coincidence. We also need to wait and watch if other financial institutions’ data have been breached and this can be cleared by Lentra,” adds Bhatia.

Other sinister aspects to the data breach

Alleged HDFC Bank subsidiary data breach: The inside story

“Lentra AI was held for ransom by the hackers, but the threat actors leaked the data anyway,” says Rahul Sasi, co-founder and CEO of CloudSEK.

This raises important questions and scenarios:

  1. Did Lentra pay the hackers before the data was leaked?
  2. Why did the hackers release the data if they got the ransom?
  3. Worst case: Hackers leaked the data to show Lentra that they had it in their control and to drive home the point that they should pay the ransom. If that is the case, there may be other organizations’ data with them that may be waiting to get leaked.

Sasi agrees with this assumption and also believes that the hackers have more data with them that they may release later.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket