Private banks reported most data breaches in 2018-22: Parliament told

Attacks caused loss of business and personal data, says junior finance minister

Private banks reported the most data breaches between June 2018 and March 2022 in attacks that stole business and personal information, said a minister on Tuesday.

All banks reported 248 data breaches in the four-year period, Minister of State for Finance Bhagwat Karad told Rajya Sabha. Of those attacks, 205 were in private banks and 41 in state-owned. The remaining two were at foreign banks.

The Reserve Bank of India (RBI) has a Cyber Security Framework for Scheduled Commercial Banks, which requires banks to implement cyber/IT (Information technology) controls to prevent data leakage. Banks have been directed to strengthen their information technology (IT) risk governance framework that mandates an active role by their chief information security officers. The board and IT committee of banks must also be actively involved to ensure compliance with the required standards, the upper house of the Parliament was informed.

Non-compliance by banks is assessed by the RBI during its IT examination, and action is taken based on the degree of severity and frequency of non-adherence. Supervisory actions taken by the central bank include directing banks to initiate corrective measures within a definitive timeline; advising board to examine and initiate actions against erring staff; and enforcement action in the form of imposition of the monetary penalty and/or restriction on business activities.

The government separately told Parliament that 0.93 million incidents of compromise of customer accounts due to phishing, credential /one time password (OTP) compromise. The incidents and amount of loss incurred by customers were reported between April 1, 2020 and March 31, 2022, involving an amount of Rs 1,435 crore.

According to government data, fraud amounting to Rs 6,861 crore was reported by private and public sector banks in the first quarter of the current financial year.