India's ICICI Bank exposed thousands of credit cards to 'wrong' users

Jagmeet Singh
Updated ·2 min read

ICICI Bank, one of India's top private banks, exposed the sensitive data of thousands of new credit cards to customers who were not their intended recipients.

The Mumbai-based bank confirmed to TechCrunch Thursday that its digital channels "erroneously mapped" about 17,000 credit cards issued in the past few days to "wrong" users. The issue came to light after some customers raised concerns on social media about the bank's iMobile Pay app exposing unknown customers' credit card details, including their full number and card verification value (CVV).

"Our customers are our utmost priority, and we are wholeheartedly dedicated to safe guarding their interests," Kausik Datta, corporate communications head at ICICI Bank, said in a statement emailed to TechCrunch. "We regret the inconvenience caused. No instance of misuse of a card from this set has been reported to us. However, we assure that the Bank will appropriately compensate a customer in case of any financial loss."

The spokesperson added that the number of impacted credit cards constituted about 0.1% of the bank's credit card portfolio.

As reported by the finance-related forum Technofino, sensitive data such as the full card number, expiry date and CVV of unknown customers' credit cards suddenly appeared for some users on the iMobile Pay app.

"I have access to someone else's Amazon Pay CC due to a security glitch on the iMobile app. Although OTP restricts domestic transactions, but I can do international transactions using the details from the iMobile app," one of the users wrote on the forum.

The bank spokesperson told TechCrunch it blocked the affected cards and is issuing new cards to customers.

ICICI Bank, which has more than 6,000 branches in India, is in 17 countries worldwide. The iMobile Pay app, launched in 2008, has over 28 million users.