ICICI Bank, one of India’s leading private banks, exposed the sensitive data of thousands of new credit cards to customers who were not their intended recipients.
The Mumbai-based bank confirmed to TechCrunch on Thursday that its digital channels “inadvertently mapped” about 17,000 credit cards issued in recent days to the “wrong” users. The issue came to light after some customers raised concerns on social media about the bank’s iMobile Pay app exposing unknown customers’ credit card details, including the full number and card verification value (CVV).
“Our customers are our highest priority and we are wholeheartedly committed to safeguarding their interests,” Kausik Datta, head of corporate communications at ICICI Bank, said in a statement emailed to TechCrunch. “We are sorry for the inconvenience caused. No case of card misuse from this set has been reported to us. However, we assure that the Bank will adequately compensate a customer in case of any financial loss.”
The spokesperson added that the number of affected credit cards made up about 0.1% of the bank’s credit card portfolio.
As mentionted from finance-related forum Technofino, sensitive data such as full card number, expiry date and CVV of unknown customers’ credit cards suddenly appeared for some users on the iMobile Pay app.
“I have access to someone else’s Amazon Pay CC due to a security bug in the iMobile app. Although OTP restricts domestic transactions but I can do international transactions using the details from iMobile app,” wrote one of the users on the forum.
The bank’s spokesperson told TechCrunch that it is blocking affected cards and issuing new cards to customers.
ICICI Bank, which has more than 6,000 branches in India, is in 17 countries Worldwide. The iMobile Pay app, launched in 2008, has over 28 million users.
