Credit card details issued by banks from at least six Southeast Asian countries have been leaked online.
India-based cyber security start-up Technisanct uncovered a series of breaches involving credit card details issued by top banks in Singapore, Malaysia, the Philippines, Vietnam, Indonesia and Thailand.
Technisanct discovered the breaches after its threat analyst team conducted research to analyse threats to the financial sector in the South East Asian countries.
Credit card holders from the Philippines were the most hit, with 172,828 cards breaches, followed by Malaysia (37,145), Indonesia (35,354), Singapore (25,290), Vietnam (23,144) and Thailand (16,908).
Altogether the team discovered 319,669 card details including card numbers, card holder names, CVV, expiry dates, and in some cases PIN numbers. Many of which were for sale on various dark-web forums.
“The results are alarming as it seems no one is aware that such a huge volume of payment card details – including the CVV and PIN – are available,” said CEO Nandakishore Harikumar.
“Any threat actor can get those card details and cause financial loss to the owners of the payment cards. The banks who are the issuer of the card may face big reputation damages too.”
Technisanct CEO immediately notified the Computer Emergency Response Team (CERT) in each country and advised them to take action.
One of the allegedly affected banks, CIMB Group Holdings said it had “no credible evidence that any actionable customer data has been compromised from us.”
“CIMB takes data privacy and protection seriously and has taken the necessary security measures to ensure all customers’ personal information remain secured. We continuously monitor all avenues to ensure that our customer data remains protected where possible.”