-
A threat actor using the pseudonym 0xSec has posted a dataset they claim includes nearly 638,000 customer records from India’s Federal Bank.
-
They also mentioned that this dataset is part of the ransomware claim the Bashe group made a year ago, when they indicated the same number of customer records had been stolen.
-
There’s no evidence of any new breach affecting Federal Bank, raising questions about the source of the alleged data leak.
A hacker is reportedly selling what looks like a massive batch of Federal Bank customer data.
The threat actor’s post suggests that the leaked data supposedly came from a ransomware incident that previously hit the bank.
But for now, there’s no proof to ascertain whether this is true or false.
Threat Actor Pushes Alleged Bank Data
Someone using the name 0xSec started distributing a dataset they claim belongs to Federal Bank, one of India’s largest private banks.
The actor says the file contains 637,895 customer records. They converted the data into Newline Delimited JSON or NDJSON files. A small sample has been shared to back up the claim.
If real, the exposed information is deeply personal. According to reports, the data set contains the names, identification numbers and birth dates of customers.
Additionally, it has PAN numbers, Aadhaar numbers & passport information. The data set also includes driver’s licenses, voter IDs, phone numbers, e-mail addresses and complete home addresses.
The combination of these sources would provide identity thieves with a treasure chest of information, allowing them to easily open fraudulent accounts and circumvent almost any security measures in place. A victim may experience many months of cleaning up the damage caused.
Link to Previous Ransomware Incident
The latest leak appears to be related to a previous threat from months ago, when the Bashe ransomware gang listed the Federal Bank on their leak site. The group claimed they obtained 637,895 entries and added a specified payment deadline for Federal Bank to pay the ransom, else they’ll disclose the contents of the database.
The number of the current entries is very similar to what was in Bashe’s threat. So we suspect that 0xSec extracted his records from that leak. However, this does not necessarily mean that Federal Bank has experienced a second breach.
It is not uncommon for previously leaked data to resurface again at some later date, as threat actors frequently repackage the data they have stolen months or even years later to resell, trade, or give it away to enhance their reputation. Oftentimes, they use new labels on the data or use data from entirely different breaches and pass it off as new.
Questions About Where the Data Really Came From
It has not been proven that the database is actually the Federal Bank‘s customer records. When Bashe made the claim, the threat intelligence group Hackmanac challenged it. They said they discovered that the data sample appears to be a remnant from the 2022 data breach of Fedfina Financial Services, a partner of the Federal Bank, and not the bank itself.
If Hackmanac’s findings are true, then it means the data currently in circulation may not even be from a new breach but rather recycled from an older, entirely different breach.
Unverified claims are common in the underground data market. Israeli bank card data was also leaked on Telegram, another example of financial data breaches that require careful verification. For now, no forensic analysis of the data has surfaced and Federal Bank itself hasn’t made a public statement regarding any attack.
Without any independent proof, the claim is just what it is, a claim. But silence doesn’t automatically mean safety. Everyone connected to Federal Bank should still take appropriate measures to safeguard their account and their personal info.
Why this Data Matters
In India, government IDs such as PAN and Aadhaar numbers are used for verifying customers. Tax officials rely on them. Exposing those numbers creates serious risks.
Even a partial leak could fuel phishing campaigns. Criminals could call victims using real details to sound convincing. They could try to take over existing accounts or open new ones.
Basic contact lists are bad enough. This alleged dataset goes far beyond names and emails. The presence of passport numbers and voter IDs makes it much more dangerous.
Researchers will now chase a few key answers. First, can anyone verify the sample data belongs to Federal Bank customers? Second, are the records recent or from an old incident? Third, does the full dataset match what 0xSec promises?
Confirmation could come from multiple places. Affected customers might spot their own information. Independent researchers could trace the data to its real source. Regulators or the Federal Bank itself might issue a statement.
Until then, treat the leak with healthy skepticism. The threat is possible but not proven. The story is real. The breach behind it? That part remains uncertain.
