If you’re experiencing this problem with this brand or any other company, submit your complaint and we may feature it on Choice4Voice.com.
Submit your complaint →Chartered Accountant Abhisek Ram alleges that ICICI Bank and HDFC Bank leaked his personal loan data to third-party lenders. Learn how to protect your financial information and file a privacy complaint under Indian law.
Complaint Summary
| Field | Details |
|---|---|
| Complainant Name | CA Abhisek Ram |
| Profession | Chartered Accountant |
| Companies Complained Against | ICICI Bank and HDFC Bank |
| Complaint Type | Data privacy breach / unauthorised sharing of customer information |
| Incident Description | After applying for a personal loan, Abhisek received multiple calls from other banks and NBFCs referencing his exact loan requirement. One caller admitted obtaining his number from “ICICI Bank’s data book.” |
| Primary Issue | Violation of data confidentiality and customer consent |
| Platform Raised On | |
| Date of Complaint | October 2025 |
| Expected Resolution | Investigation into data leak and assurance of data protection by both banks |
Full Complaint Details
CA Abhisek Ram, a Chartered Accountant and finance professional, recently applied for a personal loan with ICICI Bank and HDFC Bank.
Within hours, his phone began to receive multiple unsolicited calls from different banks and NBFCs offering identical loan products. What raised suspicion was that each caller already knew his exact loan requirement information that should have remained private.
When he asked one of the callers how they had obtained his details, the representative reportedly said, “Sir, we got your number from ICICI Bank’s data book.”
This alarming statement indicates a potential data-sharing or leakage incident, raising serious questions about how banks handle customers’ personal and financial information.
CA Abhisek Ram emphasized that this was not just an issue of inconvenience but of ethics, consent, and trust. He urged financial institutions to treat data protection with the same seriousness as loan recovery and compliance.
How Choice4Voice.com Can Help
At Choice4Voice.com, we support consumers who experience misuse of their personal or financial data. Our team can help you:
- Verify and publish your complaint to create public accountability.
- Guide you step-by-step in filing a data-privacy and cyber-security complaint.
- Provide pre-drafted email templates to escalate cases with banks, RBI, and the Ministry of Electronics & IT.
- Assist in approaching the RBI Ombudsman and Data Protection Authority of India (DPDP Act 2023).
Submit your issue at Choice4Voice.com/submit-complaint.
Applicable Laws and Authorities
| Issue Type | Legal Provision / Authority | Where to File / Contact |
|---|---|---|
| Data privacy breach | Digital Personal Data Protection Act 2023 (DPDP Act) | https://www.meity.gov.in |
| Unauthorised data sharing | Section 72A, Information Technology Act 2000 | Cyber Crime Portal – https://cybercrime.gov.in |
| Bank misconduct / privacy violation | RBI Master Direction on Customer Protection | RBI Ombudsman – https://cms.rbi.org.in |
| Consumer rights violation | Consumer Protection Act 2019 | https://edaakhil.nic.in |
| Telemarketing harassment | TRAI Regulations / DND Registry | Dial 1909 or use TRAI DND app |
Step-by-Step Guide to Report Data Leakage by Banks
Step 1 – Write to ICICI and HDFC Bank Grievance Officers
Email Format:
Subject: Complaint Regarding Unauthorised Sharing of Personal Data
Dear [Bank Name] Grievance Officer,
I recently applied for a personal loan through your bank and subsequently received numerous unsolicited calls from other financial institutions offering similar products, citing my loan details. This indicates a data-privacy breach.
Please investigate this incident urgently and confirm what measures are being taken to secure customer data and prevent further misuse.
Regards,
[Your Full Name]
[City, Date]
Official Emails:
- ICICI Bank – headservicequality@icicibank.com
- HDFC Bank – grievance.redressal@hdfcbank.com
Step 2 – Escalate to RBI Ombudsman
Visit cms.rbi.org.in → select “Banking Service – Data Privacy Violation” → submit details and attach supporting evidence (screenshots, caller numbers, call logs).
Step 3 – File Cybercrime Complaint
Go to cybercrime.gov.in → choose “Online Financial Fraud / Data Breach” → provide incident summary and upload proof.
Step 4 – Approach the Consumer Forum
If the bank does not respond within 30 days, lodge a case on edaakhil.nic.in claiming:
- Compensation for mental harassment.
- Assurance of data deletion from third-party records.
- Written apology and systemic correction.
About ICICI Bank and HDFC Bank
- ICICI Bank, established in 1994, is India’s second-largest private bank headquartered in Mumbai.
- HDFC Bank, founded in 1994, is India’s largest private sector bank by assets.
Both institutions are governed by the RBI Master Direction on Customer Protection (2022), which mandates strict confidentiality of customer information and explicit consent for data sharing.
Frequently Asked Questions (Q & A)
- What constitutes a data privacy breach by a bank?
Any unauthorised sharing or exposure of your personal or financial details without consent. - Can banks legally share my loan application details with others?
No, not without your written authorisation under the DPDP Act and RBI guidelines. - How can I prove a data leak?
Maintain records of unsolicited calls, SMS, and emails received after your loan application. - Is data leak a criminal offence in India?
Yes. Section 72A of the IT Act 2000 prescribes penalties and imprisonment for unauthorised data disclosure. - What is the penalty for violating the DPDP Act 2023?
Up to ₹250 crore fine per instance of non-compliance. - Can Choice4Voice.com help escalate data privacy cases?
Yes, Choice4Voice publishes verified cases and guides consumers through official redressal channels. - How long does the RBI Ombudsman take to resolve privacy complaints?
Usually 30 to 45 days, depending on evidence and case complexity. - Is it safe to apply for loans online through aggregators?
Only if the platform is RBI-registered and explicitly states its data usage policy. - Can I demand data deletion from the bank?
Yes. Under the DPDP Act, you can formally request erasure of personal data. - What evidence should I attach in a privacy complaint?
Screenshots of calls, numbers, emails, and timestamps after your application. - Who is the Data Protection Officer for ICICI Bank?
Email – dataprivacy@icicibank.com - Who is the Data Protection Officer for HDFC Bank?
Email – privacy@hdfcbank.com - Can I file a joint complaint against both banks?
Yes, if you suspect both institutions handled your data without consent. - What is the role of RBI in protecting bank customer data?
RBI ensures banks follow confidentiality norms and takes disciplinary action for violations. - How to verify if a caller is genuine?
Genuine bank representatives use official emails and registered numbers listed on the bank’s website. - Can I claim compensation for data misuse?
Yes, through consumer court under “Deficiency of Service.” - How to opt out of marketing calls from banks?
Register your number on TRAI’s National Do Not Call Registry (1909). - What is the difference between a data leak and data sharing with consent?
Data leak = unauthorised disclosure; consent sharing = user approved use for specific purpose. - Can data privacy breaches impact bank reputation?
Yes, RBI may impose penalties and restrict operations for repeated breaches. - How does Choice4Voice.com ensure consumer awareness?
By publishing verified complaints and educating users about legal rights and remedies.
