New Delhi: The financial data of Indian bank customers were being shared with the US intelligence agencies routinely by Microsoft, said an exclusive report by DNA Money. A document related to Reserve Bank of India (RBI)’s risk observation revealed that customers’ data with banks that have migrated to Microsoft Office 365 cloud-based email service was shared with US agencies.

As per reports, though customers weren’t aware that their personal details were being compromised, Indian banks were. The RBI has sought a response from the banks’ audit committees and has also flagged the data sharing by the service provider in its Risk Assessment Report (RAR).

The RBI stated, “All the mailboxes had been migrated to office 365 Microsoft cloud environment. It was gathered from the Microsoft transparency hub that Microsoft is bound to share customers’ data under US Foreign Intelligence Surveillance Act (FISA) and US national security letters as and when required by the US authorities.”

The report said Microsoft had disclosed information on at least 3,036 occasions after more than 4,000 government requests or legal demand requests for Indian customers in the US. Reportedly, banks have entered a deal with Microsoft regarding the data sharing of their customers wherein the latter will only share the bank customers’ data if the order was issued by the Indian government or an Indian court.

As reported by Microsoft, more than 100 million people use Office 365 commercial. Citing privacy as their foremost concern, Microsoft spokesperson told DNA Money, “No government has direct access to any of our users’ data. Data privacy is a top priority for us. We never provide customer data unless we receive a legally valid warrant, order or subpoena about specific accounts or individual identifiers that we have reviewed and considered legally appropriate and consistent with the rule of law and our Microsoft principles.”

“Absent extraordinary circumstances, in the vast majority of cases we redirect governments to seek data directly from commercial customers or to allow us to tell our commercial customers when the government seeks their data.”

Meanwhile, banks such as State Bank of India (SBI) and Bank of Baroda too responded to how Indian customers’ bank details could have been disclosed by their email provider, Microsoft, in the last five years, that is, from 2014-18. While SBI said that zero information was requested by US agencies regarding customers’ financial details, Bank of Baroda maintained a calm approach by stating that protecting the interests of their customers is of paramount importance to them.