ICICI Bank Data Leak Exposes 17,000 Customers’ Credit Card Data

ICICI Bank, one of India’s leading private banks, has confirmed the exposure of sensitive credit card information belonging to thousands of customers.

The Mumbai-based bank acknowledged that a technical glitch in its mobile banking application, iMobile Pay, led to approximately 17,000 new credit cards being “erroneously mapped” to the wrong users.

The issue was first brought to light by customers who noticed unfamiliar credit card details within the app.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

These details included the full credit card number, expiration date, and the card verification value (CVV), which are critical pieces of information for conducting financial transactions.

The breach was severe enough to allow users to view and potentially adjust settings for these cards, such as enabling foreign transactions or changing spending limits.

The bank’s spokesperson stated, “The affected cards represent about 0.1% of ICICI Bank’s credit card portfolio. In response to the incident, ICICI Bank has taken immediate action by blocking the impacted credit cards and has begun issuing new ones to the affected customers”.

The ICICI Bank spokesperson expressed regret for the inconvenience and reiterated the institution’s commitment to ensuring the security and privacy of customers’ financial information.

The bank has also assured that it will appropriately compensate any customer who experiences financial loss due to this breach.

Customer complaints about the data exposure surfaced on social media platforms and financial forums, with users expressing concerns over the bank’s security protocols.

The incident has raised questions about the checks and balances in place to protect customer data and prevent such breaches.

“I have access to someone else’s Amazon Pay CC due to a security glitch on the iMobile app. Although OTP restricts domestic transactions, but I can do international transactions using the details from the iMobile app,” one of the users wrote on the forum.

Combat Email Threats with Easy-to-Launch Phishing Simulations: Email Security Awareness Training -> Try Free Demo 

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.