Indian banks reported 248 successful data breaches by hackers and fraudsters between June 2018 and March 2022, the government told the Parliament.
Union Minister of State for Finance Bhagwat Karad told Parliament that most of these data breaches were related to card data breaches and theft of business and non-business data.
The minister said that out of a total of 248 successful data breaches, 41 were reported by public sector banks, private sector banks reported 205 data attacks and foreign banks suffered two.
Responding to questions about data protection in the banking and insurance sectors, Karad said the Reserve Bank of India (RBI) has informed the Center that it has issued guidelines on the cybersecurity framework for Scheduled Commercial Banks (SCB), whereby banks are required to implement cybersecurity and IT (information technology) controls, among other things, for prevention of data leakage from its systems.
“Banks have also been directed to strengthen IT risk governance framework which mandates active role by their Chief Information Security Officer besides an active involvement of the Board / IT committee of the Board in ensuring compliance with the required standards,” Karad said.
In case of violation, RBI may bring to the attention of the bank concerned together with the bank’s management to take corrective action within the stipulated time. In addition, the RBI may advise the management and board of the bank to investigate and take action against the necessary employees and senior officials within a specified period.
In addition, enforcement action can also be taken in the form of imposition of monetary penalty for violation of norms.