The renowned SVC bank has registered a cyber case of criminal breach of trust and data compromise against its own employees. In a shocking turn of events, two ex-employees and 1 current employee at SVC caused the bank data breach which led to a loss of Rs 29 crore and data theft of 447 bank customers.
The police in Thane are hot on the case. The accused employees have been identified and he MD of the bank, Ajit Venugopalan, has been quite active about his bank’s data breach case and its proceedings.
“Venugopalan claimed to have got information that one of the accused had received confidential information of a bank customer. Sensing that this could be harmful for the bank, he initiated inquiry into the matter. Venugopalan directed the Bank’s IT and vigilance departments to check if any further data breaches had taken place.” – One of the investigating police officials.
The IT department then submitted a report which said bank officials had leaked the personal confidential customer and employee data via a Shared Network Access between bank systems. Once the IT Department was sure of misconduct, the bank requested them to dig out more information. That’s when the accused from Coimbatore and Delhi were incriminated.
As per the report, two employees hacked into the accounts of 447 customers, created PDF documents of it, and mailed it to their personal accounts. They did so by infiltrating the banks ISMS (Information Security Management system).
So, what about the 29 crores?
That actually came about because of the reputation tarnishing that SVC had to struggle through, prompting several of their customers to withdraw their deposits prematurely.
The cyber expert and lawyer representing the bank said the following: “The bank had solid evidence to prove the involvement of these 3 accused. Crime of data theft with criminal breach of trust attracts maximum of seven years of punishment and we will pursue the matter to its logical conclusion to create reasonable deterrence.”
To wrap up the case, the police have indicted the accused under Sections 408 [Criminals breach of trust by clerk or servant], 109 [Punishment of abetment if the act abetted is committed in consequence and where no express provision is made of its punishment], and 34 [Common Intention] of the Indian Penal Code and Sections 43A [ Compensation for failure to protect data] and 66 [Computer related offences] of the IT Act.
If nothing else, this bank data breach sheds light on how cyber breaches can directly impact a business, and even if money is not explicitly stolen, almost always leads in monetary losses. It is not the case that banks are always targeted for theft of money; sometimes, internal employee greed and grudges can lead to data leaks too. Inevitably, such data leaks cause dents in a business’s finances.
It is very important to have strong system that protect organization not only from external threats but from internal issues as well.
Get a better visibility and control, to identify sophisticated targeted threats with Logix Infosecurity’s Cybersecurity Services.