In a major case of cyber attack and data breach, almost 30 GB of customer data allegedly belonging to HDB Financial Services was leaked online on a hacker forum on March 6.
The data is estimated to contain around 73 million entries and is from the period between May 2022 and February 2023, said two people who have seen the data dump.
HDB Financial Services is the non-banking lending arm of private sector lender HDFC Bank.
YourStory has seen a sample of the data, which contains consumer information pertaining to two categories of loans—consumer durable loans and two-wheeler loans.
“If you look at the data dump, there is information around customers’ application, whether it was processed or rejected, and the loan sanction amount,” said one of the people mentioned earlier.
For instance, a particular data set, which YourStory has seen, contains details about a TVS scooter being purchased by a customer in Meerut, who was sanctioned a loan of Rs 1,35,000. The mobile number and the name of the customer is also available.
There is also data on a consumer looking to purchase a Vivo V5 smartphone and he was sanctioned Rs 35,999 (the price of the device in India). The name of the customer, his location, the dealer’s name, and the purchase date are all available in the data dump.
YourStory could not ascertain the exact number of customers whose data has been leaked, given that there could be multiple entries on the same person.
Preliminary estimates suggest that the loan origination system of the NBFC (non-banking finance company) arm of the banking group has been impacted by the attack.
The data that has been released mainly pertains to customers applying for credit, their credit scores being checked, and the status of their loans (whether it has been approved or not).
“Typically, such attacks are followed by ransom demands from hackers; it is not clear if such a demand was made to the NBFC,” said the other person mentioned in the story.
In 2020, Indiabulls Group faced a similar attack when a chunk of its customer data was compromised.
YourStory has sent detailed email queries to HDB Financial Services. The story will be updated once the company shares a response.
Some media reports indicate that the attack was aimed at the private sector lender. However, HDFC Bank has clarified that its systems remain safe.
“We wish to state that there is no data leak at HDFC Bank and our systems have not been breached or accessed in any unauthorised manner. We remain confident in our systems,” said an HDFC Bank spokesperson after the news broke out.
“However, we treat the matter of our customers’ data security with utmost seriousness and we continue to monitor bank systems and the ecosystem to ensure the highest standards of data security and safety.”
HDB Financial Services offers business loans and retail loans for gold and consumer durables. Its AUM stood at Rs 61,444 crore as of March 2022; 43% of the AUM is exposed to commercial vehicle and construction equipment loans.
The NBFC had bad assets of less than 5% as of March 2022, said a Crisil note from July last year.
![Read more about the article [Funding alert] FingerprintJS raises $8M in Series A for fraud prevention APIs](https://blog.digitalsevaa.com/wp-content/uploads/2021/02/funding21-1613105082398-300x150.jpg)
![Read more about the article [Jobs Roundup] Here’s how you can work for edtech startup Teachmint](https://blog.digitalsevaa.com/wp-content/uploads/2021/06/Imagejqo4-1603877993711-300x150.jpg)