A threat actor has taken responsibility for breaching a third-party onboarding service, leading to the theft of over one terabyte (TB) of sensitive data. Among the affected organisations is OneCard, an Indian financial services company specialising in credit cards. Their data, amounting to 266 GB, has been posted on a hacking forum.
The compromised OneCard data comprises approximately 451,000 files spanning diverse formats, including .png images, .mp4 videos, and PowerPoint presentations, alongside nine critical JSON files.
The stolen data, now reportedly for sale on the dark web, paints a worrying picture for the fintech ecosystem. If validated, this breach could compromise OneCard’s optional integrity and customer trust, reports FalconFeeds.
The threat actor behind the breach claims to have contacted OneCard regarding the incident. However, after receiving no response, they decided to monetise the data by listing it for sale.
The dark web data includes an inventory of compromised data that cyber crooks could use for theft, fraud, phishing, and other cybercrime.
Only a few days ago, OneCard raised $28.5 million at a valuation of around $1.4 billion.
As of now, OneCard has not issued an official statement confirming or denying the breach.
In March 2024, the Reserve Bank of India (RBI) warned some Indian banks to strengthen their defences. Mint reports that between June 2018 and March 2022, Indian banks experienced 248 breaches.
Interestingly, private-sector banks experienced more breaches than government-owned banks. Out of the reported cases, 41 were related to public sector banks, 205 to private banks, and two to foreign banks.
In August 2024, C-Edge Technologies Ltd., a key technology service provider for cooperatives and Regional Rural Banks (RRBs), was targeted by ransomware attacks that affected more than 300 banks.
In response to the attack, the National Payments Corporation of India (NPCI) isolated C-Edge from accessing the payment system.
We’ve contacted OneCard for comments and will update the story with a response when we receive one.
In the News: Nishi-Nippon bank warns of surge in corporate internet banking fraud