Business
Yes Bank Under Scanner As RBI Summons Executives Over Forex Card Breach
Last Updated:
RBI has summoned senior officials of Yes Bank following a major data breach involving the Yes Bank–BookMyForex multi-currency forex card
Reserve Bank of India headquarters in Mumbai.
The Reserve Bank of India (RBI) has summoned senior officials of Yes Bank following a major data breach involving the Yes Bank–BookMyForex multi-currency forex card, two people aware of the development told The Economic Times (ET).
According to the report, card details and CVV numbers of several users were allegedly compromised. The central bank has sought a detailed explanation from the bank on how its systems may have been breached and the sequence of events that led to the exposure of sensitive customer data.
“The RBI has sought a comprehensive briefing from Yes Bank’s senior management on the root cause of the breach, the timeline of events, and the adequacy of the bank’s cybersecurity framework,” one of the persons cited by ET said. “The regulator wants clarity on how sensitive card data, including CVV numbers, may have been exposed and what immediate containment measures have been implemented.”
Yes Bank declined to comment on the RBI’s queries but said an internal investigation had identified fraudulent transactions involving 15 merchants in a Latin American country on February 24. Transactions worth Rs 2.54 crore were approved across 5,000 customers, while 688 unauthorised attempts amounting to around Rs 90 lakh were blocked. The bank said it is working with the card network to initiate chargebacks and ensure that affected customers do not face financial losses.
Separately, BookMyForex said it does not store customers’ sensitive card information and that its systems were neither breached nor compromised during the period in question.
The RBI has also sought details on how sensitive card data—particularly CVVs—was stored and protected, whether encryption and prescribed security protocols were followed, and why existing cyber controls failed to prevent the breach. In addition, the regulator is reviewing the timeline of detection and reporting, the robustness of third-party risk management and oversight, the number of customers impacted, and the steps taken to block cards, prevent misuse and mitigate losses. It has also asked for clarity on internal accountability, supervisory lapses and remedial measures to prevent a recurrence, ET reported.
Follow News18 on Google. Join the fun, play games on News18. Stay updated with all the latest business news, including market trends, stock updates, tax, IPO, banking finance, real estate, savings and investments. To Get in-depth analysis, expert opinions, and real-time updates. Also Download the News18 App to stay updated.
February 26, 2026, 07:53 IST
Read More