State Bank of India failed to secure a server, leaving the financial information, such as account balances, of millions of customers exposed, according to TechCrunch.
The server, hosted in a Mumbai-based data centre, was not protected with a password, says TechCrunch, which was tipped off about the lapse by an unnamed security researcher.
This meant that anyone could see two months of data from SBI Quick, a system that lets customers request basic account information, such as recent transactions, via text or phone call.
It is not known how long the information was exposed. SBI secured the database after being contacted by TechCrunch but has not commented on its lapse.