A huge data breach at a major Indian financial firm has revealed the details of the details, including the identities of users of its email services.
The breach was reported to the cyber security firm Symantec in September.
In its annual report to the Government of India, Symantech says it uncovered the breach at the financial services company, Niti Aayog, after identifying the identity of users in the Indian Banking System (IBS) that were exposed to the breach.
“The breach was discovered when Niti was conducting a cyber risk assessment on the vulnerability of the system,” the report says.
The report notes that the Niti IBS was used by the bank’s clients to access sensitive information such as payment transactions, financial data and customer account data.
The Niti account numbers were stored in the system and the company was not able to recover them.
“These were not disclosed to Niti.
As a result, the customers who used the NITI Aayogi account for payment transactions were exposed,” it says.
“While we do not know the exact amount of data accessed, the breach was larger than our expectation.
We have no evidence of financial losses or breaches at any of our customers.”
Symantek says the breach affected a database containing over 1.8 million accounts and 2.7 million user names and passwords.
It says the NITS had no knowledge of the data being accessed or the names of users.
The firm says it has issued a security advisory to customers to protect against similar data breaches.
The Indian Government said in a statement to The Times Of India that it was “aware of the issue and is currently investigating the issue”.
A statement issued by Niti said it was investigating the matter and has initiated a full audit.
It said the breach occurred in October 2017, but that “we are not aware of any data breaches involving the NIST database”.
Symantack also said that it has already implemented measures to prevent data breaches in the future.
“We have implemented safeguards to ensure that no data can be accessed in the NIS system without our authorization and we are currently implementing safeguards to prevent any data breach in the next 12 months,” it said.
“NITI, a leading global technology company, is an innovator in digital security and is committed to making its customers more secure and secure by ensuring that their personal data is protected and that it is encrypted,” the statement added.
The security firm says that NITIs data was accessed “in breach of the security of sensitive data and user data”.
It says that Symantess has identified two more victims of the breach, who are currently being investigated.
Symanteback said that “there is no evidence yet that the accounts have been accessed or that the user data has been compromised”.
“Niti is an excellent company that has been a pioneer in data security, and we continue to work closely with the government and industry partners to ensure the continued security of the NISC and our customers,” it added.
Symants statement said that Niti has implemented “secure procedures and controls” to ensure its customers’ data is secure.
It added that “symantech has already issued a new security advisory for its customers and NITs customers.
NIT and Symantem will work with the Indian government to ensure data security is improved.”
It also said it is committed “to provide enhanced security to the data it holds” and “to be more transparent about the security measures implemented by Symanteks customers”.
The NIT has issued another security advisory and is “committed to enhancing its systems to detect and stop data breaches and the use of NIT information for criminal activity”.
The Government of New Delhi has also asked Symantes services to provide “appropriate safeguards” to the NISA database to ensure “that the NISS and NITS databases are not accessed or compromised”.
The Information Technology and Innovation Ministry has also issued an advisory and said that there is no security breach in NIT’s data and that Symants customers are “safe”.
The ministry has also said “it will work closely” with Symantems security team and said “we have a process in place to ensure security in the data stored by NITis services”.
Symants has also been contacted for comment.
Symanticech has said that its security team has “detected multiple breaches of the customer database that resulted in the loss of customer data”.
The company has also added that its own data security measures have been improved since the breach and “are in place for every NISA account, and for all customers that use Symantepys services”.
“Our data is in compliance with all relevant security requirements in the countries where we operate,” it wrote in a blog post.
“As SymantECs data security teams have found, data breaches happen in the world of financial services and we take them very seriously.
If we do get any data leakage from our systems, we will immediately