Data of 6 lakh customers of HDFC#39;s NBFC arm compromised in hack, HDFC denies claims

The NBFC arm of HDFC Bank in a statement said the leak happened at one service provider and it has taken steps to prevent further unauthorised access.

‘); $ (‘#lastUpdated_’+articleId).text(resData[stkKey][‘lastupdate’]); //if(resData[stkKey][‘percentchange’] > 0){ // $ (‘#greentxt_’+articleId).removeClass(“redtxt”).addClass(“greentxt”); // $ (‘.arw_red’).removeClass(“arw_red”).addClass(“arw_green”); //}else if(resData[stkKey][‘percentchange’] < 0){ // $ (‘#greentxt_’+articleId).removeClass(“greentxt”).addClass(“redtxt”); // $ (‘.arw_green’).removeClass(“arw_green”).addClass(“arw_red”); //} if(resData[stkKey][‘percentchange’] >= 0){ $ (‘#greentxt_’+articleId).removeClass(“redtxt”).addClass(“greentxt”); //$ (‘.arw_red’).removeClass(“arw_red”).addClass(“arw_green”); $ (‘#gainlosstxt_’+articleId).find(“.arw_red”).removeClass(“arw_red”).addClass(“arw_green”); }else if(resData[stkKey][‘percentchange’] < 0){ $ (‘#greentxt_’+articleId).removeClass(“greentxt”).addClass(“redtxt”); //$ (‘.arw_green’).removeClass(“arw_green”).addClass(“arw_red”); $ (‘#gainlosstxt_’+articleId).find(‘.arw_green’).removeClass(“arw_green”).addClass(“arw_red”); } $ (‘#volumetxt_’+articleId).show(); $ (‘#vlmtxt_’+articleId).show(); $ (‘#stkvol_’+articleId).text(resData[stkKey][‘volume’]); $ (‘#td-low_’+articleId).text(resData[stkKey][‘daylow’]); $ (‘#td-high_’+articleId).text(resData[stkKey][‘dayhigh’]); $ (‘#rightcol_’+articleId).show(); }else{ $ (‘#volumetxt_’+articleId).hide(); $ (‘#vlmtxt_’+articleId).hide(); $ (‘#stkvol_’+articleId).text(”); $ (‘#td-low_’+articleId).text(”); $ (‘#td-high_’+articleId).text(”); $ (‘#rightcol_’+articleId).hide(); } $ (‘#stk-graph_’+articleId).attr(‘src’,’//appfeeds.moneycontrol.com/jsonapi/stocks/graph&format=json&watch_app=true&range=1d&type=area&ex=’+stockType+’&sc_id=’+stockId+’&width=157&height=100&source=web’); } } } }); } $ (‘.bseliveselectbox’).click(function(){ $ (‘.bselivelist’).show(); }); function bindClicksForDropdown(articleId){ $ (‘ul#stockwidgettabs_’+articleId+’ li’).click(function(){ stkId = jQuery.trim($ (this).find(‘a’).attr(‘stkid’)); $ (‘ul#stockwidgettabs_’+articleId+’ li’).find(‘a’).removeClass(‘active’); $ (this).find(‘a’).addClass(‘active’); stockWidget(‘N’,stkId,articleId); }); $ (‘#stk-b-‘+articleId).click(function(){ stkId = jQuery.trim($ (this).attr(‘stkId’)); stockWidget(‘B’,stkId,articleId); $ (‘.bselivelist’).hide(); }); $ (‘#stk-n-‘+articleId).click(function(){ stkId = jQuery.trim($ (this).attr(‘stkId’)); stockWidget(‘N’,stkId,articleId); $ (‘.bselivelist’).hide(); }); } $ (“.bselivelist”).focusout(function(){ $ (“.bselivelist”).hide(); //hide the results }); function bindMenuClicks(articleId){ $ (‘#watchlist-‘+articleId).click(function(){ var stkId = $ (this).attr(‘stkId’); overlayPopupWatchlist(0,2,1,stkId); }); $ (‘#portfolio-‘+articleId).click(function(){ var dispId = $ (this).attr(‘dispId’); pcSavePort(0,1,dispId); }); } $ (‘.mc-modal-close’).on(‘click’,function(){ $ (‘.mc-modal-wrap’).css(‘display’,’none’); $ (‘.mc-modal’).removeClass(‘success’); $ (‘.mc-modal’).removeClass(‘error’); }); function overlayPopupWatchlist(e, t, n,stkId) { $ (‘.srch_bx’).css(‘z-index’,’999′); typparam1 = n; if(readCookie(‘nnmc’)) { var lastRsrs =new Array(); lastRsrs[e]= stkId; if(lastRsrs.length > 0) { var resStr=”; let secglbVar = 1; var url = ‘//www.moneycontrol.com/mccode/common/saveWatchlist.php’; $ .get( “//www.moneycontrol.com/mccode/common/rhsdata.html”, function( data ) { $ (‘#backInner1_rhsPop’).html(data); $ .ajax({url:url, type:”POST”, dataType:”json”, data:{q_f:typparam1,wSec:secglbVar,wArray:lastRsrs}, success:function(d) { if(typparam1==’1′) // rhs { var appndStr=”; //var newappndStr = makeMiddleRDivNew(d); //appndStr = newappndStr[0]; var titStr=”;var editw=”; var typevar=”; var pparr= new Array(‘Monitoring your investments regularly is important.’,’Add your transaction details to monitor your stock`s performance.’,’You can also track your Transaction History and Capital Gains.’); var phead =’Why add to Portfolio?’; if(secglbVar ==1) { var stkdtxt=’this stock’; var fltxt=’ it ‘; typevar =’Stock ‘; if(lastRsrs.length>1){ stkdtxt=’these stocks’; typevar =’Stocks ‘;fltxt=’ them ‘; } } //var popretStr =lvPOPRHS(phead,pparr); //$ (‘#poprhsAdd’).html(popretStr); //$ (‘.btmbgnwr’).show(); var tickTxt =’‘; if(typparam1==1) { var modalContent = ‘Watchlist has been updated successfully.’; var modalStatus = ‘success’; //if error, use ‘error’ $ (‘.mc-modal-content’).text(modalContent); $ (‘.mc-modal-wrap’).css(‘display’,’flex’); $ (‘.mc-modal’).addClass(modalStatus); //var existsFlag=$ .inArray(‘added’,newappndStr[1]); //$ (‘#toptitleTXT’).html(tickTxt+typevar+’ to your watchlist’); //if(existsFlag == -1) //{ // if(lastRsrs.length > 1) // $ (‘#toptitleTXT’).html(tickTxt+typevar+’already exist in your watchlist’); // else // $ (‘#toptitleTXT’).html(tickTxt+typevar+’already exists in your watchlist’); // //} } //$ (‘.accdiv’).html(”); //$ (‘.accdiv’).html(appndStr); } }, //complete:function(d){ // if(typparam1==1) // { // watchlist_popup(‘open’); // } //} }); }); } else { var disNam =’stock’; if($ (‘#impact_option’).html()==’STOCKS’) disNam =’stock’; if($ (‘#impact_option’).html()==’MUTUAL FUNDS’) disNam =’mutual fund’; if($ (‘#impact_option’).html()==’COMMODITIES’) disNam =’commodity’; alert(‘Please select at least one ‘+disNam); } } else { AFTERLOGINCALLBACK = ‘overlayPopup(‘+e+’, ‘+t+’, ‘+n+’)’; commonPopRHS(); /*work_div = 1; typparam = t; typparam1 = n; check_login_pop(1)*/ } } function pcSavePort(param,call_pg,dispId) { var adtxt=”; if(readCookie(‘nnmc’)){ if(call_pg == “2”) { pass_sec = 2; } else { pass_sec = 1; } var postfolio_url = ‘https://www.moneycontrol.com/portfolio_new/add_stocks_multi.php?id=’+dispId; window.open(postfolio_url, ‘_blank’); } else { AFTERLOGINCALLBACK = ‘pcSavePort(‘+param+’, ‘+call_pg+’, ‘+dispId+’)’; commonPopRHS(); /*work_div = 1; typparam = t; typparam1 = n; check_login_pop(1)*/ } } function commonPopRHS(e) { /*var t = ($ (window).height() – $ (“#” + e).height()) / 2 + $ (window).scrollTop(); var n = ($ (window).width() – $ (“#” + e).width()) / 2 + $ (window).scrollLeft(); $ (“#” + e).css({ position: “absolute”, top: t, left: n }); $ (“#lightbox_cb,#” + e).fadeIn(300); $ (“#lightbox_cb”).remove(); $ (“body”).append(”); $ (“#lightbox_cb”).css({ filter: “alpha(opacity=80)” }).fadeIn()*/ $ (“.linkSignUp”).click(); } function overlay(n) { document.getElementById(‘back’).style.width = document.body.clientWidth + “px”; document.getElementById(‘back’).style.height = document.body.clientHeight +”px”; document.getElementById(‘back’).style.display = ‘block’; jQuery.fn.center = function () { this.css(“position”,”absolute”); var topPos = ($ (window).height() – this.height() ) / 2; this.css(“top”, -topPos).show().animate({‘top’:topPos},300); this.css(“left”, ( $ (window).width() – this.width() ) / 2); return this; } setTimeout(function(){$ (‘#backInner’+n).center()},100); } function closeoverlay(n){ document.getElementById(‘back’).style.display = ‘none’; document.getElementById(‘backInner’+n).style.display = ‘none’; } stk_str=”; stk.forEach(function (stkData,index){ if(index==0){ stk_str+=stkData.stockId.trim(); }else{ stk_str+=’,’+stkData.stockId.trim(); } }); $ .get(‘//www.moneycontrol.com/techmvc/mc_apis/stock_details/?classic=true&sc_id=’+stk_str, function(data) { stk.forEach(function (stkData,index){ $ (‘#stock-name-‘+stkData.stockId.trim()+’-‘+article_id).text(data[stkData.stockId.trim()][‘nse’][‘shortname’]); }); }); function redirectToTradeOpenDematAccountOnline(){ if (stock_isinid && stock_tradeType) { window.open(`https://www.moneycontrol.com/open-demat-account-online?classic=true&script_id=$ {stock_isinid}&ex=$ {stock_tradeType}&site=web&asset_class=stock&utm_source=moneycontrol&utm_medium=articlepage&utm_campaign=tradenow&utm_content=webbutton`, ‘_blank’); } } Data of around six lakh customers of HDB Financial Services may have been compromised in a hack on the HDFC Bank’s non-banking financial services (NBFC) arm, as per multiple reports.Data privacy platform Privacy Affairs first tweeted about the alleged data leak on Twitter early on March 6. It stated: “Personal information of around 600,000 customers of the India-based HDFC Bank has allegedly been leaked by hackers on a popular cybercriminal forum.” (sic)The tweet received a response from HDFC Bank’s official customer care Twitter account early on March 7, which said there was no data breach. The reply by HDFC Bank Cares read: “Hi, we wish to state that there is no data leak at HDFC Bank and our systems have not been breached or accessed in any unauthorised manner. We remain confident in our systems. However, we treat the matter of our customers’ data security with utmost seriousness and we continue to monitor bank systems and our ecosystems to ensure the highest standards of data security and safety.” (sic)
Hi, we wish to state that there is no data leak at HDFC Bank and our systems have not been breached or accessed in any unauthorised manner. We remain confident of our systems. However we treat the matter of our customers data security with utmost seriousness and we continue to— HDFC Bank Cares (@HDFCBank_Cares) March 7, 2023What happened?Privacy Affairs’s initial report was based on claims made by cybercriminal ‘kernelware’ on a popular hacker forum ‘Breached.vc’, where they provided 7.5 GB of customer data samples and demanded money for the full database.The hacker claimed that the data was stolen between May 2022 and March 2023 and contained sensitive information such as customers’ date of birth, full name, residential address, email address, phone number, loan information, credit scores, employment information and more. They claim to have 73 million entries.Further, multiple customers took to social media on March 6 sharing that they received spam messages from the official HDFC Mobile Banking app and were unable to conduct online transactions. There has been a surge in spam bank text messages in the recent past, Business Standard reported.What do the companies say?However, HDFC Bank has continued to deny the leak and in a media statement said, “There is no data leak at HDFC Bank and our systems have not been breached or accessed in any unauthorised manner. However, we treat the matter of our customers’ data security with utmost seriousness and we continue to monitor bank systems and the ecosystem to ensure the highest standards of data security and safety.”On the other hand, HDB Financial told Mint there was “an incident at one of our service providers, who process some of our customer information”, adding that “immediate steps” were taken to secure the service provider’s system and prevent any further unauthorised access.“In addition, we are conducting a thorough review of the security measures adopted by the service provider to prevent similar incidents from happening in the future. We have also notified the regulator and CERT-IN and we are working with them to investigate this incident to the fullest,” HDB Financial said.While HDB Financial did not name the service provider, according to a report in Mint the company in question is Lentra.ai – a loan aggregate company that received early investment from HDFC Bank.HDB Financial ServicesHDB Financial Services is the NBFC-arm of HDFC Bank, which offers business and retail loans for gold and consumer durables. Its assets under management (AUM) as of March 2022 were at Rs 61,444 crore. Around 43 percent of its AUM is exposed to commercial vehicles and construction equipment loans.The company reported a jump in post-tax net at Rs 441.3 crore for June 2022 quarter and had less than 5 percent of bad assets as of March 2022 as per a CRISIL note.