A critical security vulnerability in Punjab National Bank (PNB) exposed the personal and financial data of over 180 million customers for the last seven months, cybersecurity firm CyberX9 claims in a report. The vulnerability was fixed by PNB on November 19 after it was reported to CERT-In and NCIIPC, the firm said. PNB is India's second-largest public sector bank and an allegation that all of its customer accounts could've been compromised by cyber attackers is alarming. In a statement to MoneyControl, PNB confirmed a vulnerability in one of its servers but denied that any critical data was exposed or other systems were affected. MediaNama has reached out seeking more details. Cyberattacks and data breaches have been growing rapidly in recent months. Just earlier this month, CyberX9 reported that another large financial company, Central Depository Services Limited (CDSL), exposed sensitive data of around 4.39 crore investors. What was the vulnerability at PNB? CyberX9 reported that on November 17 it discovered a critical vulnerability that gave it access to the highest level of administrator privileges in an internal PNB server, which in turn exposed PNB's systems nationwide. This unrestricted access could have allowed any malicious attacker to get access to any information on PNB's network including systems in PNB branches and other departments, the cybersecurity firm said. An attacker could've potentially had the ability to remotely execute any code on them, steal data, make transactions, get complete control of such connected computer systems. – CyberX9 PNB, however, told MoneyControl: "The server wherein the vulnerability was reported,…
