It has been reported in some security circles that ICICI Bank has become a victim of a ransomware attack leading to compromise of personal data of customers.
The extent of the data breach is not clear. We need to await the notice to be issued by ICICI Bank; at present there is no notice on the ICICI website.
In the meantime, it is to be noted that ICICI Bank is one of the notified Section 70 companies under ITA 2000. Hence any unauthorized access, or attempt at such access, to ICICI systems is considered a serious offence leading to 10 years of imprisonment. It is also possible to consider this a “Critical Digital Asset” and hence invoke Section 66F for Cyber Terrorism.
Under these sections, international cooperation for investigation should be available, and the hackers should be traced and punished.
I hope the Government will take suitable action and not push it under the carpet by payment of any ransom even if ICICI Bank is prepared.
Let us wait and watch.
There is a demand from some quarters that the Government should consider “Data breach Reporting under DPDPA 2023” from a retrospective date, though the rules are yet to be formally notified. This appears to be a fit case for DPB and CERT-In to analyse.
Naavi