Everest attacks IDFC FIRST Bank

Incident Date:

March 7, 2022

Jalandhar, India

Punjab, India

First Reported

March 7, 2022

IDFC FIRST Bank Targeted by Everest Ransomware Group

Company Overview

IDFC FIRST Bank, established in 2018, is a universal bank headquartered in Mumbai, India, offering a wide range of personal banking services. These services include personal accounts, loans, investments, and payment solutions, tailored to meet the diverse needs of its customers. The bank has been recognized for its digital innovation, receiving the title of 'Best Digital Bank' for the year 2021-2022 at Financial Express India's Best Banks Awards 2023.

Vulnerabilities and Targeting

The precise vulnerabilities exploited in the attack on IDFC FIRST Bank by the Everest ransomware group have not been publicly disclosed. Although the bank asserts that it maintains the highest security standards and that its systems are resilient, the attackers have reportedly leaked a zip archive containing approximately 230 MB of data. This data allegedly includes customer information, documents, copies of loan agreements, and other sensitive documents, indicating a significant breach of security.

The incident underscores the persistent cyber threats facing the financial sector and the importance of continuous vigilance and investment in advanced cybersecurity measures. Financial institutions, regardless of their security posture, remain prime targets for cybercriminals, emphasizing the need for robust security frameworks to safeguard sensitive customer information and maintain trust.



Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.