Cyber Incident Victim: Punjab National Bank

The Punjab National Bank (PNB) faced public allegations of a significant data breach on November 21, 2021, when cybersecurity firm CyberX9 published a blog post claiming the bank had compromised the security of funds, personal data, and financial information belonging to all 180 million of its customers. CyberX9 asserted this security lapse had persisted for seven months, exposing sensitive customer assets to potential exploitation. Media outlets amplified these claims in reports published on November 21, prompting PNB to issue a formal denial the following day. The bank categorically stated no breach of its systems had occurred and no customer or account holder data had been pilfered. PNB emphasized its adherence to ISO 27001 standards for information security management, positioning this certification as evidence of robust security practices.

CyberX9 swiftly challenged PNB’s denial, characterizing it as "false and misleading" in subsequent public statements reported by BusinessToday.in. This rebuttal intensified the dispute without providing additional technical evidence of data exfiltration or system intrusion. The conflicting narratives created uncertainty regarding the actual security status of customer data, though no independent verification of either party’s claims was documented in available reports. PNB maintained its position that customer information remained secure, while CyberX9 insisted the bank’s systems were vulnerable. The incident generated media attention focused on the credibility of both the bank’s security assurances and the cybersecurity firm’s initial findings, though conclusive evidence confirming a breach or quantifying potential impacts remained absent from public disclosures.