The SafetyDetectives cybersecurity team has discovered a forum post about a database being offered for sale online which the vendor claims is owned by India’s Federal Bank/Fedfina Subsidiary.
The database allegedly contains 122MB of data, or approximately 637,000 records.
A vendor on the forum has posted an advert offering the information for sale as a package. The vendor claims that the database includes the personally identifiable information (PII) of approximately 600,000 customers.
According to the researchers’ findings, the data leak appeared to involve customers’ names, ages, phone numbers, driving license details, voter IDs, passport numbers, and more.
What is the India Federal Bank/Fedfina?
The India Federal Bank, headquartered in Aluva, Kerala, India, is an Indian private sector bank.
The financial services organization uses the slogan “Your Perfect Banking Partner” and claims it is “the preferred Personal, NRI and Business banking partner for a growing expanse of customers across India, in both urban and rural areas.”
The financial organization says it is “continuously striving to become the first choice for all Indians.”
As of September 30, 2022, the bank has 1305 branches with a customer base of over 10 million.
Federal Bank says:
“Redefining human experience, the digital way has been our constant goal for a while now. Our digital innovations of today are on the cusp of redefining the banking paradigm of tomorrow.
Federal Bank is continuously scaling up this mantra to reach out, meaningfully and impactfully, to more and more customers.”
Fedbank Financial Services Ltd (Fedfina), with more than 460 branches across India, offers financial products such as gold, home, car and business loans as well as loans against property. According to Fedfina’s latest annual report, it is a subsidiary of Federal Bank.
What is the forum about?
Screenshot of the forum’s landing page
The website where the database has been discovered is a forum available on the clear, or surface, web. The platform includes tutorials for crack tools, exploits, and software.
Community members can post, promote, and sell stolen databases and records. The forum also operates a marketplace for purchasing digital products and services, including cracked accounts, fraudulent tokens, and credit card dumps.
Information Allegedly Exposed :
Screenshot of the forum post
According to the forum post, published online by a user on November 15, 2022, the data dump includes a list of customers allegedly belonging to India Federal Bank and Fedfina.
The forum post reads:
“COUNTRY : #INDIA | DATABASE FORMAT : #csv | DATABASE INFO : 637,895 records
Full db include photographs of id card, dm me for full db.”
There are potentially up to 589,000 unique records according to the Customer ID and name columns included in the samples. The records potentially contain sensitive Personally Identifiable Information (PII), including:
- Full names
- Dates of birth
- PAN_NO (Income tax department-related ID numbers)
- Ages
- Genders
- Fathers’ names
- Spouses’ names (if applicable)
- Drivers license numbers
- Passport numbers (if applicable)
- Voter ID numbers
- Email addresses
- Phone numbers
- Physical addresses
The vendor says they have photographic copies of identification cards, although there is no proof contained in the sample found in the post for verifying this claim.
Furthermore, it is important to note that SafetyDetectives was only able to examine the records included in the forum post sample, and while the user claims that the data belongs to India Federal Bank and its Fedfina subsidiary, there is no evidence to support this statement.
Screenshot of the CSV file exposing India Federal Bank/Fedfina customers
The impact of the data breach:
The forum seller says interested parties can contact them to purchase the stolen information.
If the data dump is genuine, selling this information could result in identity theft. In addition, stolen personal records may be used in broader social engineering and phishing activities, leading to potential account takeovers or fraudulent payments.
Timeline:
- Likely date of alleged data breach: Unknown
- November 15, 2022: The alleged data dump was posted online by a forum user
- November 16, 2022: SafetyDetectives discovered the forum post
SafetyDetectives reached out to the alleged owner with our findings, but we are yet to receive a response as of the day of publication.
Preventing data exposure:
When third parties hold your data, unfortunately, it is out of your hands when an organization exposes information. However, here are some preventative tips followed by guidance on what to do after you are made aware of a data breach.
- Be cautious of what information you give out and to whom
- Check that the website you’re on is secure by looking for HTTPS in the address bar and/or a closed lock). This shows that communication has at least a basic level of encryption. It would help if you also used a VPN to disguise and secure your online activity.
- Only reveal online what you feel confident cannot be used against you. Avoid sharing or posting sensitive PII, images, or personal preferences that could be troublesome if made public.
- Create secure passwords by combining letters, numbers, and symbols, and consider using a password locker to store complex combinations securely.
- Do not click links or respond to emails unless you know the sender is legitimate. Fraudulent links can send you to malicious websites or expose you to exploit kits, whereas phishing emails are designed to steal your information.
- Double-check any social media accounts (even ones you no longer use) to ensure that the privacy of your posts and personal details are visible only to people you trust.
- Avoid using credit card information and typing out passwords over unsecured WiFi networks.
You can use tools, including the HaveIBeenPwned data breach search engine, as well as read our research and keep an eye on the news to find out if you are potentially involved in a data security incident.
If you suspect your data has been leaked, don’t panic. However, it would be best if you tried contacting the organization responsible to discover exactly what happened. Furthermore, you should keep an eye on your credit report and your financial accounts for any signs of suspicious activity indicative of identity theft or fraud.
About us:
SafetyDetectives tests, compares, and reviews antivirus software, password managers, parental control apps, and virtual private networks (VPNs) using a robust testing methodology.
The SafetyDetectives research lab is a pro bono service that aims to help the online community defend itself against cyber threats. We aim to help the online community defend itself against modern-day cyberattackers while educating organizations on protecting their users’ data.
Find out more about what constitutes cybercrime, the best tips to prevent phishing attacks, and how to avoid ransomware by following SafetyDetectives’ blog and our latest news.