India's largest bank, State Bank of India (SBI) has denied all reports of data leak after it was accused of failing to safe-guard the financial records of its customers. The bank has stated that its servers were not compromised and that there was no data breach. "In the incident that has been highlighted, the investigation has revealed that SBI's servers remained fully protected and there was no breach at this end," the bank said in a statement.
Earlier last week, a report from TechCrunch suggested that the bank exposed financial information of its customers through an unprotected server. The information that was exposed contained partial account numbers, balances, transaction details and much more.
Post a thorough investigation, the bank said, "SBI has taken serious note of news articles appearing in the media regarding customer data being exposed to risk."
"The matter has been thoroughly investigated immediately after it was brought to the notice of the Bank. SBI would like to assure all its customers that their data is safe and secure and SBI is fully committed to ensuring this", the bank added as per the IANS report.
According to the bank, text and call based service SBI Quick masks account details after sending messages to the customers, ensuring basic data protection for the customer. The masking process makes use of services of telecom providers and aggregators.
So what had really happened?
According to the State Bank of India, there was a misconfiguration or gap in the process that caused the error. The investigations revealed that the fault was rectified as soon as it was noticed. Also, the bank said that the server didn't give out username or passwords of any account holder and therefore there was no risk to security.
Earlier, it was erroneously reported that the unprotected server had compromised bank's back-end text messaging system, revealing the messages going to customers through the service. The outgoing messages contained information like bank balances, mobile numbers, recent transactions, and partial account numbers.