Novel hacker group claims major data theft from India's ICICI Bank

A relatively new hacker group has claimed that it breached the internal network of ICICI Bank Ltd., one of India’s leading banking institutions, and stole confidential data.

 

Headquartered in Mumbai, India, ICICI bank is one of the country’s leading financial organisations. With a presence in over 11 countries globally, the bank offers a wide range of banking and financial services for corporate and retail customers through various delivery channels and specialized subsidiaries in the areas of investment banking, life, non-life insurance, venture capital and asset management.

 

Recently, a novel hacker group using the moniker “Bashe” claimed that it infiltrated the internal network of ICICI Bank and listed it as a victim on its data leak site. 

 

The group claims to be in possession of confidential data stolen from the bank and says it gave the bank until January 24 to pay a ransom to regain access to the stolen data.

 

According to screenshots shared on X, formerly Twitter, the stolen data includes the sensitive personal data of ICICI bank’s customers, including their names, addresses, gender and more. While the group did not share the amount of the stolen data, it has given an option to “buy data immediately” to interested buyers. The bank is yet to release a statement regarding the breach.

 

 

This is not the first time ICICI bank has faced such allegations. In April 2023, security researchers at Cybernews went public to state that they discovered a misconfigured and publicly-accessible Digital Ocean bucket that contained more than 3.6 million files belonging to ICICI Bank.

 

ICICI Bank, in a statement shared with the media, said that the report about the bank suffering a data breach was “baseless and mischievous.” In its Q4 performance call, the bank’s Executive Director Sandeep Batra called the report “baseless and mischievous” and said there is no trace of evidence on the data getting leaked.