A flaw in ICICI Bank’s iMobile Pay app has been discovered, allowing users to access sensitive details, including card number, expiry date and CVV, of other individuals’ credit cards. This security breach has raised significant concerns regarding data privacy and security, leading the bank to block approximately 17,000 credit cards.
The issue gained traction when Sumanta Mandal took to social media platform X to address the matter directly with the bank and the Reserve Bank of India (RBI), urging swift action to address the vulnerability. Several users joined Mandal to highlight the potential risks of such a security breach.
Following public outcry, ICICI Bank took steps to restrict access to credit card information, signalling an effort to rectify the situation promptly.
Recently, RBI initiated action against Kotak Mahindra Bank ordering it to halt onboarding new customers over online and mobile channels and issuing new credit cards due to mismanagement of the IT framework.
Given such strict action against Kotak Mahindra Bank, it is possible that RBI can take similar action against ICICI.
In response to queries by Mint, an ICICI Bank spokesperson attributed the glitch to “erroneously mapped data linked to 17,000 new credit cards within their digital channels. They clarified that the affected cards represent only 0.1 per cent of the bank’s credit card portfolio and emphasised that there have been no reported cases of misuse so far.
“No instance of misuse of a card from this set has been reported to us. However, we assure you that the Bank will appropriately compensate a customer in case of any financial loss,” the spokesperson told IANS. “As an immediate measure, we have blocked these cards and are issuing new ones to the customers. We regret the inconvenience caused.”
The ICICI iMobile Pay app has over 28 million customers and a total transaction value of over Rs. 9,000 billion in fiscal year 2023.
This is not the first time that ICICI has faced data leaks. In 2023, a report emerged that a misconfigured ICICI bank cloud storage allegedly leaked 3.6 million records.
In the News: WhatsApp threatens to quit India if forced to break encryption