A database belonging to Jana Bank has been found open online, accessible by anyone.
The non-password-protected database was discovered by researcher Jeremiah Fowler on May 26.
The Elastic database contained information including Know Your Customer (KYC) PII client information, wallet ID, usernames, emails, and account and transaction data. Additionally, IP addresses, pathways and ports were discovered, which cyber criminals could exploit to gain access deeper into the network.
Altogether, 2.6 million users and transaction records were exposed.
Once the database was discovered, Fowler followed a “responsible disclosure policy” and reported the discovery. On May 28, the database was closed and restricted from the public.
It remains unclear how long the data was exposed and who may have had access to it.
Jana Small Finance Bank provides loans or credit to individuals, entrepreneurs and small business owners who would not be eligible at larger banks.
“Providing loans and credit is important and a valuable service, but this is a wake-up call for any organization who collects and stores user or customer data. There is an even higher standard when it comes to financial data because of the increased risk of fraud or theft,” said Fowler.
It is unclear if Jana Bank has notified the authorities or users.