ICICI Bank has addressed the credit card data breach that compromised the personal information of 17,000 customers. The breach, which allowed unauthorised access to complete credit card details, was first reported by users on social media platforms and the finance-related forum Technofino.
Concerns escalated after customers discovered they could view other users' credit card information, including names, card numbers, expiration dates and CVV codes, directly within the bank's iMobile Pay app.
The breach was specifically linked to a flaw in the iMobile Pay app, a platform that provides over 400 banking services and is accessible by both customers and non-customers of ICICI Bank. Users reported that the app enabled unauthorised access to sensitive card details and allowed alterations to card settings without needing the cardholder's OTP or MPIN, posing a significant risk of misuse for international transactions.
In response to the incident, a spokesperson from ICICI Bank acknowledged the error, stating that the affected cards were recently issued and erroneously linked to incorrect accounts through the bank's digital channels. This error affected merely 0.1 percent of the bank’s entire credit card portfolio. The spokesperson assured the public that there have been no reported instances of misuse so far. As a preventive measure, the bank has blocked all compromised cards and has initiated the process of issuing new cards to the affected customers. The bank has also pledged to compensate any customers who suffer financial losses due to this breach.
Despite the bank's assurances and proactive steps, this incident has raised significant concerns about the security measures in place to protect customer data at ICICI Bank. Customers have been advised to remain vigilant, monitor their accounts for any unauthorised transactions and replace their credit cards immediately if they suspect any compromise.
