State Bank of India has fixed a glitch in its server that might have exposed the financial information of millions of customers. U.S-based news website TechCrunch in a report on Wednesday said SBI had secured an unprotected server that could have allowed anyone to access information like bank balance and recent transactions on millions of customers.
“SBI would like to assure all its customers that their data is safe and secure and SBI is fully committed to ensuring this,” the bank said in a statement late on Friday.
“The server, hosted in a regional Mumbai-based data center, stored two months of data from SBI Quick, a text message and call-based system used to request basic information about their bank accounts by customers of the government-owned State Bank of India (SBI), the largest bank in the country and a highly ranked company in the Fortune 500”, said the TechCrunch report.
The report further added that the server was left unprotected giving anyone, who knew where to look, access to two months of SBI Quick data. According to the report, Monday’s data alone compromised of three million messages, which were sent to the SBI consumers.
SBI Quick allows SBI customers to text the bank or give a missed call to get information back by text about their finances and transactions. The process is ideal for those who don’t use smartphones or have limited data on their device. The process uses predefined terms like ‘BAL’ in order to check current balance. The service recognizes customer’s registered phone number and sends account balance information on the customer’s phone.
A process to mask such account details “uses the services of telecom providers and aggregators,” SBI said.
“Investigation has revealed that there was a misconfiguration or lacuna in their process that arose on January 27 and was subsequently rectified,” it added.
SBI’s investigation also showed that the servers remained secure and there had been no breach, said SBI.