58 Million Records compromised in USA…. ICICI Bank may need to issue a disclaimer

Posted on October 15, 2016 by Vijayashankar Na

An unprotected open-source data base of Modern Business Solutions (MBS) based in Austin, TX is said to have compromised 58 million to 258 million data base records of its customers because of faulty configuration of its security.

According to this report from riskbasedsecurity.com  the firm provides cloud based data management platform called Hardwell Data allowing the customers to collect, store and transfer data records regardless of format, including a cloud based hosting system for databases. It is stated that the IP address of the insecure data base was identified on an internet search and shared within a small group of friends which ultimately resulted in the mega data breach.

Leaked information included names, IP addresses, birth dates, email addresses, vehicle data and occupations.

It is understood that the data base has now been secured and is no longer accessible. This however confirms that the breach was a result of a gross negligence by the information security managers of the firm.

While the IS professionals look at the problem from their perspective, there is another angle to the whole episode.

“Modern Business Solutions” is a common name used by many businesses and websites many of them in India. At least one of them is known to be providing services to ICICI Bank.  It is possible that the MBS of Austin might not have any connection with the company having business relationship with ICICI Bank.

However, as a part of the “Compliance Requirements”, it is necessary for ICICI Bank to come out with a public disclaimer that there is no business relationship between the MBS of Austin, TX and the Bank and no data of any Indian is involved in the data breach.

The same advisory holds good for all business entities in India who deal with any company called “Modern Business Solutions” to issue necessary disclaimers. Such companies who are “Lookalikes” also need to issue their own disclaimers.

For the future every company  should consider using the services of “www.lookalikes.in” so that when such reputation loss occurs on account of any shared name, their own customers feel re-assured.

Naavi

 

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

1 Response to 58 Million Records compromised in USA…. ICICI Bank may need to issue a disclaimer

  1. Advocate Mahendra Limaye says:
    October 15, 2016 at 10:49 am

    Very genuine demand from ICICI Bank to come out with clarifications.As seen earlier very few Indian Companies are voluntarily disclosing Data Breaches and government must be very strict on these data breaches voluntary disclosures.It seems that we are selectively following norms of US Cyber Laws and this is detrimental to data security of Indian online users.Kudos to Naavisir for coming up with such nice informative article.

    Reply

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.