Yes Bank data breach row deepens, Reserve Bank of India summons senior officials

New Delhi (The Uttam Hindu): After the issue involving IDFC First Bank, another case of alleged irregularities has surfaced at Yes Bank. Following reports of a major data breach linked to the Yes Bank–BookMyForex multi-currency forex card, the Reserve Bank of India has summoned senior bank officials. Authorities suspect that sensitive details, including card numbers and CVV codes of several customers, may have been compromised. The RBI has sought a detailed explanation on how the security lapse occurred and how customer information was exposed.

According to reports, the regulator has asked the bank to clarify the extent of the breach and the measures taken to contain the damage. An internal review conducted on February 24 identified suspicious transactions involving 15 merchants in a Latin American country. Around ₹2.54 crore worth of transactions affecting nearly 5,000 customers were processed, while about 688 unauthorized attempts amounting to roughly ₹90 lakh were successfully blocked. The bank has begun the chargeback process with the card network to ensure that customers do not suffer financial losses. Meanwhile, BookMyForex stated that it does not store sensitive card information and that its systems were not compromised.

The RBI has also asked the bank to provide details on how sensitive card data, particularly CVV numbers, was stored and secured, and whether proper encryption and security protocols were followed. The regulator has sought information on why existing cybersecurity systems failed to detect the breach in time, the timeline for reporting the incident, and the effectiveness of third-party risk management systems. It has also requested data on the total number of affected customers and the steps taken to block cards, prevent misuse and limit losses.