India’s central bank mandated the use of .bank domains by financial institutions to enhance security and consumer trust, but the registry operator subsequently experienced a data leak exposing sensitive information. The incident highlights a disconnect between regulatory security requirements and the actual security practices of domain registry operators. Details regarding the scope and nature of the leaked data were not specified in the available summary.