Cyber Incident Victim: HDB Financial Services
Date: Mar 2023
Location: India
Summary
A significant data breach impacted HDB Financial Services, a subsidiary of HDFC Bank, where a hacker known as Kernelware leaked approximately 73 million customer records containing extensive personal, employment, and financial details, including names, contact information, loan specifics, credit scores, and transaction logs. The data was disclosed on an illicit forum and originated from customers who applied for loans during a recent period, prompting an investigation by the subsidiary and national cybersecurity authorities. While the parent organization denied any compromise, analysis confirmed the data belonged to the subsidiary, raising substantial privacy concerns and highlighting vulnerabilities in safeguarding sensitive consumer information amid broader regional cybersecurity incidents.
Description
In March 2023, a hacker operating under the alias Kernelware leaked approximately 7.5 GB of data belonging to HDB Financial Services, a subsidiary of HDFC Bank, India's largest private bank. The breach occurred on or around March 8th when the stolen records were published on BreachForums, an underground hacker forum that emerged as a replacement for the defunct RaidForums. The dataset contained over 73 million customer records primarily related to individuals who had applied for loans through HDB Financial Services between May 2022 and February 2023. Analysis revealed the exposed information included highly sensitive personal identifiers such as full names, dates of birth, phone numbers, email addresses, and employment details. Financial particulars such as loan specifics, transaction methods, processing fees, bank branch information, credit scores, and Experian scores were also compromised. Additional records featured operational details including dealer names, transaction logs, margin money logs, general asset logs, LOS identifiers, loyalty card numbers, employee codes, and other miscellaneous internal documentation. This marked the second major breach attributed to Kernelware within days, following their 160 GB data leak from Taiwanese electronics firm Acer Inc., which the company subsequently confirmed.

HDFC Bank initially denied responsibility for the breach, but technical analysis confirmed the data originated from its subsidiary HDB Financial Services. The company acknowledged experiencing a cybersecurity incident and launched an investigation with involvement from India's Computer Emergency Response Team (CERT-IN). The exposure of detailed financial histories and identifiers for tens of millions of loan applicants created substantial risks for identity theft, financial fraud, and targeted phishing campaigns. The incident represented one of India's largest financial sector breaches in 2023, occurring weeks after the RailYatri platform exposed personal details of 31 million travelers. The dual breaches attributed to Kernelware demonstrated the attacker's focus on major Asian corporations handling sensitive consumer data, though no operational disruptions to banking services were reported from either organization. No ransomware demands or extortion attempts were mentioned in connection with either the HDB Financial Services or Acer breaches at the time of disclosure.
