ICICI Bank
Company Details
Linkedin ID:
icici-bank
Website:
Employees number:
164,277
Number of followers:
3,618,962
NAICS:
52211
Industry Type:
Homepage:
icicibank.com
IP Addresses:
0
Company ID:
ICI_1472921
Scan Status:
In-progress
ICICI Bank Company CyberSecurity Posture
icicibank.com
ICICI Bank is one of India’s leading private sector banks, offering a wide range of banking products and services to corporate, Small and Medium Enterprises (SME) and individual customers across the country. The Bank offers multi-channel touch points including branches, ATMs, mobile banking, internet banking, and phone banking. The Bank has a network of 6,742 branches and 16,277 ATMs and cash recycling machines across India, as at December 31, 2024. For any assistance on products and services, please call ICICI Bank’s customer care number 1800 1080. Disclaimer: The content herein is only for information and does not amount to an offer, invitation or solicitation to buy or sell, and is not intended to create any rights or obligations. It is also not intended for distribution to, or use by, any person in any jurisdiction where such distribution or use would be contrary to law or would subject ICICI Bank Limited (“ICICI Bank”) or its affiliate(s) to any licensing or registration requirements. Nothing contained herein is intended to constitute advice or opinion; please obtain professional advice before relying on any information contained herein. ICICI Bank disclaims any liability with respect to accuracy of information or any error or omission or any loss or damage incurred by anyone in reliance on the contents herein.
ICICI Bank A.I CyberSecurity Scoring
ICICI Bank Risk Score (AI oriented)Between 800 and 849
ICICI Bank
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
ICICI Bank Global Score (TPRM)XXXX
ICICI Bank
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
ICICI Bank Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
ICICI Bank
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Multinational ICICI Bank suffered from a data breach incident that exposed sensitive data, including financial information and personal documents of the bank’s clients. Bank account informationa, bank statements, credit card numbers, full names, dates of birth, home addresses, phone numbers, emails, personal identification cards, and resumes of workers and applicants were among the information that was exposed. Cybernews contacted ICICI Bank and CERT-IN, and the company fixed the issue.
ICICI Bank
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: Several Indian banks have taken drastic steps in response to a security breach that may have compromised up to 3.25 million debit cards—or 0.5% of the approximately 700 million debit cards that Indian banks have issued. The financial institution is Hitachi Payment Services, a subsidiary of Hitachi Ltd. that oversees ATM network processing for Yes Bank Ltd., according to banking industry insiders. After that, the State Bank of India quickly disabled a few clients' debit cards, and it was currently replacing those cards to stop fraud. The top three private sector lenders, ICICI Bank, HDFC Bank, and Axis Bank, each stated in separate announcements that there may have been card account breaches following usage at non-bank ATMs. Additionally, certain consumers' debit cards are being reissued by Standard Chartered's Indian division.
ICICI Bank Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for ICICI Bank
Incidents vs Banking Industry Average (This Year)
No incidents recorded for ICICI Bank in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for ICICI Bank in 2025.
Incident Types ICICI Bank vs Banking Industry Avg (This Year)
No incidents recorded for ICICI Bank in 2025.
Incident History — ICICI Bank (X = Date, Y = Severity)
ICICI Bank cyber incidents detection timeline including parent company and subsidiaries
ICICI Bank Company Subsidiaries
ICICI Bank is one of India’s leading private sector banks, offering a wide range of banking products and services to corporate, Small and Medium Enterprises (SME) and individual customers across the country. The Bank offers multi-channel touch points including branches, ATMs, mobile banking, internet banking, and phone banking. The Bank has a network of 6,742 branches and 16,277 ATMs and cash recycling machines across India, as at December 31, 2024. For any assistance on products and services, please call ICICI Bank’s customer care number 1800 1080. Disclaimer: The content herein is only for information and does not amount to an offer, invitation or solicitation to buy or sell, and is not intended to create any rights or obligations. It is also not intended for distribution to, or use by, any person in any jurisdiction where such distribution or use would be contrary to law or would subject ICICI Bank Limited (“ICICI Bank”) or its affiliate(s) to any licensing or registration requirements. Nothing contained herein is intended to constitute advice or opinion; please obtain professional advice before relying on any information contained herein. ICICI Bank disclaims any liability with respect to accuracy of information or any error or omission or any loss or damage incurred by anyone in reliance on the contents herein.
Loading...
ICICI Bank Similar Companies
FAB, the UAE’s largest bank and one of the world’s largest financial institutions offers a an extensive range of tailor-made solutions, and products and services, to provide a customised banking experience. Through its strategic offerings, it looks to meet the banking needs of customers across the w
Allied Bank Limited
Allied Bank is one of Pakistan's leading banks, with a vision to become a dynamic and efficient institution providing integrated solutions, aiming to be the first choice for customers. Currently, the bank maintains a country-wide network of over 1,400 branches and more than 1,560 ATMs. To protect y
Bank of Communications Co., Ltd. London Branch
Founded in 1908, Bank of Communications Co., Ltd. ("the Bank") is one of the oldest banks in China as well as one of the note-issuing banks in modern China. The Bank was listed on the Hong Kong Stock Exchange in June 2005 and on the Shanghai Stock Exchange in May 2007. The Bank currently has 18
Kotak Mahindra Bank
About Kotak Mahindra Group: Established in 1985, the Kotak Mahindra Group is one of India’s leading financial services conglomerates. In February 2003, Kotak Mahindra Finance Ltd. (KMFL), the Group’s flagship company, received a banking license from the Reserve Bank of India (RBI). With this, KMF
Garanti BBVA
With a digitalization and people oriented vision, we contribute to our economy and society. We make great efforts to help you make the best financial decisions by offering you the opportunities of the future with our dynamic business model, pioneering technology and innovative products and services.
PT Bank Danamon Indonesia Tbk
PT Bank Danamon Indonesia Tbk (BEI: BDMN) didirikan pada tahun 1956. Per 31 Desember 2024, Danamon mengelola aset konsolidasian sebesar Rp242 triliun dengan anak perusahannya, Adira Finance. Dalam hal kepemilikan saham, 92,47% saham Danamon dimiliki oleh MUFG, dan 7,53% lainnya dimiliki oleh publik.
Sberbank
Сбер — крупнейший банк в России, поставщик надёжных технологических решений и один из ведущих финансовых институтов страны. Мы не боимся меняться и открывать новые горизонты, но в то же время остаёмся верными принципам, сформированным за нашу 180-летнюю историю. Такой подход позволяет нам создавать
Indian Bank
Established in 1907, today, we are a family of over 141 million customers and 40000 staff members. With a 100% CBS network of 6000+ branches and 5400+ ATMs and BNAs, Indian Bank has a wide national footprint, besides foreign branches in Singapore and Colombo, along with arrangements with 640 Oversea
Rabobank
Rabobank is a cooperative bank with a mission. Our goal: to help customers realize their ambitions. We serve about 10 million customers in 47 countries. As an international financial institution, we work on the well-being and prosperity of millions of people. In the Netherlands, we serve individual
.png)
ICICI Bank CyberSecurity News
November 05, 2025 08:00 AM
RBI’s major move, banks to benefit significantly
RBI New Rule: The Reserve Bank of India has directed Indian banks to migrate their net banking websites to the '.bank.in' domain.
November 01, 2025 07:00 AM
Bank Domain Change Alert: Many banks, including SBI, PNB, HDFC, ICICI, have changed their website domains; ...
Now, if you're going to open your bank's website, pay close attention, because the addresses of banking websites are no longer the same.
October 31, 2025 07:00 AM
Indian banks begin switch to .bank.in domain to meet RBI’s cybersecurity deadline
The digital landscape of Indian banking is undergoing a huge security-focused shift right now, as Reserve Bank of India's (RBI) directive...
October 31, 2025 07:00 AM
SBI, PNB, HDFC Bank & others have changed their website domain names on RBI’s instructions; Is your bank a
Indian banks must shift their net banking websites to the new '.bank.in' domain by October 31, 2025. This move by the Reserve Bank of India...
October 31, 2025 07:00 AM
New RBI rule: Banks move to secure ‘.bank.in’ domains to curb online fraud
Under the new rule, only RBI-regulated banks can register and use the '.bank.in' domain.
October 31, 2025 07:00 AM
Banks shift to ".bank.in" domain to boost cybersecurity
The Reserve Bank of India (RBI) has directed all banks to shift their official websites to the '.bank.in' domain, aiming to enhance...
September 16, 2025 07:00 AM
BOBCARD names Arnab Biswas as Chief Information Security Officer
BOBCARD, a non-banking financial company wholly owned by Bank of Baroda, has named Arnab Biswas as its new Chief Information Security...
August 31, 2025 07:00 AM
RBI Deputy Governor Rao flags off a walkathon on cyber security awareness
Reserve Bank of India Deputy Governor M Rajeshwar Rao on Sunday emphasized that banking services, including digital platforms, are designed...
August 14, 2025 07:00 AM
New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits
Cybersecurity researchers have disclosed a new Android trojan called PhantomCard that abuses near-field communication (NFC) to conduct relay...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
ICICI Bank CyberSecurity History Information
Official Website of ICICI Bank
The official website of ICICI Bank is https://www.icicibank.com.
ICICI Bank’s AI-Generated Cybersecurity Score
According to Rankiteo, ICICI Bank’s AI-generated cybersecurity score is 801, reflecting their Good security posture.
How many security badges does ICICI Bank’ have ?
According to Rankiteo, ICICI Bank currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does ICICI Bank have SOC 2 Type 1 certification ?
According to Rankiteo, ICICI Bank is not certified under SOC 2 Type 1.
Does ICICI Bank have SOC 2 Type 2 certification ?
According to Rankiteo, ICICI Bank does not hold a SOC 2 Type 2 certification.
Does ICICI Bank comply with GDPR ?
According to Rankiteo, ICICI Bank is not listed as GDPR compliant.
Does ICICI Bank have PCI DSS certification ?
According to Rankiteo, ICICI Bank does not currently maintain PCI DSS compliance.
Does ICICI Bank comply with HIPAA ?
According to Rankiteo, ICICI Bank is not compliant with HIPAA regulations.
Does ICICI Bank have ISO 27001 certification ?
According to Rankiteo,ICICI Bank is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of ICICI Bank
ICICI Bank operates primarily in the Banking industry.
Number of Employees at ICICI Bank
ICICI Bank employs approximately 164,277 people worldwide.
Subsidiaries Owned by ICICI Bank
ICICI Bank presently has no subsidiaries across any sectors.
ICICI Bank’s LinkedIn Followers
ICICI Bank’s official LinkedIn profile has approximately 3,618,962 followers.
NAICS Classification of ICICI Bank
ICICI Bank is classified under the NAICS code 52211, which corresponds to Commercial Banking.
ICICI Bank’s Presence on Crunchbase
Yes, ICICI Bank has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/icici-bank.
ICICI Bank’s Presence on LinkedIn
Yes, ICICI Bank maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/icici-bank.
Cybersecurity Incidents Involving ICICI Bank
As of December 11, 2025, Rankiteo reports that ICICI Bank has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
ICICI Bank has an estimated 6,988 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at ICICI Bank ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does ICICI Bank detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with cert-in, and containment measures with disabling debit cards, containment measures with reissuing debit cards..
Incident Details
Can you provide details on each incident ?
Title: ICICI Bank Data Breach
Description: Multinational ICICI Bank suffered from a data breach incident that exposed sensitive data, including financial information and personal documents of the bank’s clients.
Type: Data Breach
Title: Security Breach at Indian Banks Compromising Debit Cards
Description: Several Indian banks have taken drastic steps in response to a security breach that may have compromised up to 3.25 million debit cards—or 0.5% of the approximately 700 million debit cards that Indian banks have issued. The financial institution is Hitachi Payment Services, a subsidiary of Hitachi Ltd. that oversees ATM network processing for Yes Bank Ltd., according to banking industry insiders. After that, the State Bank of India quickly disabled a few clients' debit cards, and it was currently replacing those cards to stop fraud. The top three private sector lenders, ICICI Bank, HDFC Bank, and Axis Bank, each stated in separate announcements that there may have been card account breaches following usage at non-bank ATMs. Additionally, certain consumers' debit cards are being reissued by Standard Chartered's Indian division.
Type: Data Breach
Attack Vector: ATM Network Processing
Motivation: Financial Gain
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach ICI2129523
Data Compromised: Bank account information, Bank statements, Credit card numbers, Full names, Dates of birth, Home addresses, Phone numbers, Emails, Personal identification cards, Resumes of workers and applicants
Incident : Data Breach ICI173751123
Data Compromised: Card account information
Systems Affected: ATM Network
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Bank Account Information, Bank Statements, Credit Card Numbers, Full Names, Dates Of Birth, Home Addresses, Phone Numbers, Emails, Personal Identification Cards, Resumes Of Workers And Applicants, and Card Account Information.
Which entities were affected by each incident ?
Incident : Data Breach ICI2129523
Entity Name: ICICI Bank
Entity Type: Financial Institution
Industry: Banking
Location: Multinational
Incident : Data Breach ICI173751123
Entity Name: Hitachi Payment Services
Entity Type: Financial Institution
Industry: Finance
Location: India
Customers Affected: 3.25 million
Incident : Data Breach ICI173751123
Entity Name: State Bank of India
Entity Type: Bank
Industry: Finance
Location: India
Incident : Data Breach ICI173751123
Entity Name: Yes Bank Ltd.
Entity Type: Bank
Industry: Finance
Location: India
Incident : Data Breach ICI173751123
Entity Name: ICICI Bank
Entity Type: Bank
Industry: Finance
Location: India
Incident : Data Breach ICI173751123
Entity Name: HDFC Bank
Entity Type: Bank
Industry: Finance
Location: India
Incident : Data Breach ICI173751123
Entity Name: Axis Bank
Entity Type: Bank
Industry: Finance
Location: India
Incident : Data Breach ICI173751123
Entity Name: Standard Chartered's Indian division
Entity Type: Bank
Industry: Finance
Location: India
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach ICI2129523
Third Party Assistance: Cert-In.
Incident : Data Breach ICI173751123
Containment Measures: Disabling Debit CardsReissuing Debit Cards
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through CERT-IN, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach ICI2129523
Type of Data Compromised: Bank account information, Bank statements, Credit card numbers, Full names, Dates of birth, Home addresses, Phone numbers, Emails, Personal identification cards, Resumes of workers and applicants
Sensitivity of Data: High
Incident : Data Breach ICI173751123
Type of Data Compromised: Card Account Information
Number of Records Exposed: 3.25 million
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by disabling debit cards, reissuing debit cards and .
References
Where can I find more information about each incident ?
Incident : Data Breach ICI2129523
Source: Cybernews
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Cybernews.
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Cert-In, .
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were bank account information, bank statements, credit card numbers, full names, dates of birth, home addresses, phone numbers, emails, personal identification cards, resumes of workers and applicants, , Card Account Information and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was ATM Network.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was cert-in, .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Disabling Debit CardsReissuing Debit Cards.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were resumes of workers and applicants, emails, Card Account Information, dates of birth, home addresses, credit card numbers, full names, bank account information, phone numbers, personal identification cards and bank statements.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 3.2M.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Cybernews.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=icici-bank' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
