Over 13 Million Indian Banking Customers’ Data Allegedly Leaked and Sold on Dark Web

A threat actor claims to have stolen and is selling sensitive financial data of over 13 million Indian banking customers on the dark web.

A threat actor has surfaced on a well-known dark web forum, claiming to have gained access to and exfiltrated sensitive financial data belonging to over 13 million Indian banking customers. This shocking revelation has raised serious concerns about the state of data security in India’s banking ecosystem. The purported data dump, which is allegedly the product of a significant breach, is currently being offered for $10,000 to one buyer alone.

Scope of the Leak

According to the dark web post, the compromised data includes financial and personal details such as:

  • Full names of account holders
  • Account numbers
  • IFSC codes
  • Registered mobile numbers
  • Email addresses

The threat actor has allegedly supplied a sample of 6,000 records from the purported breach to bolster the veracity of the claim. The entire dataset, which is 11.2 GB in size, is reportedly formatted as CSV.

By declaring that only one buyer would be considered and that escrow services would be accepted to complete the transaction, the threat actor further highlighted the gravity of the sale. This unusual approach demonstrates the actor’s faith in the veracity of the breach.

Top Banks Allegedly Affected

The forum post claims that the customer datasets of numerous well-known Indian financial institutions are impacted by the incident, including:

  • State Bank of India (SBI)
  • HDFC Bank
  • ICICI Bank
  • Kotak Mahindra Bank
  • Several other private and public sector banks

Cyber intelligence specialists are conjecturing about a potential vulnerability exploited through third-party banking APIs or KYC data aggregators, even though the exact manner of infiltration is still unknown.

Potential Risks and Implications

Cybersecurity experts caution that, if confirmed, a breach of this kind might have serious repercussions:

  • Financial fraud: Access to account numbers and phone numbers could allow cybercriminals to launch targeted phishing or vishing attacks.
  • Identity theft: The combination of email, phone numbers, and bank data could allow for large-scale impersonation and KYC fraud.
  • Reputational damage: If major banks are indeed involved, the fallout could impact consumer trust and regulatory compliance in the fintech space.

A senior analyst at a top cybersecurity company declared, “This is not just a leak; if verified, it’s a bombshell.” The scale and extent point to either extreme neglect or a profound penetration. By using escrow, the seller demonstrates their expertise in high-value cybercrime activities.

Authorities and Institutions on Alert

The Reserve Bank of India (RBI) and the Indian Computer Emergency Response Team (CERT-In) have not yet released a formal statement. Additionally, representatives of the banks listed in the leak have neither confirmed nor denied the claim.

Dark Web Marketplace Trends

This hack is just one more illustration of how the dark web is developing into a marketplace for strategic and private information. Threat actors are increasingly acting like businesses by offering escrow, negotiating exclusive deals with buyers, and supplying samples.

Because of the growth of fintech apps and digital banking, there is still a high demand for banking data in particular. Previous instances have demonstrated how these leaks support account takeovers, loan fraud, and social engineering.
