1. What was the cause of the breach?
2. Do you monitor 0days? For 3rd party software.
3. Do you have cybersecurity officer at SBI or you using outsourcing services?
4. What are your plans to avoid situations like this in the future? ( Forum software should be updated immediately after CVE/hotfix release)
5. When can we expect 2FA (tools.ietf.org/html/rfc6238) commonly used solution to be implemented?
This forum software is incredibly old, and most likely hasn't been updated in months prior to this breach.
Also, this does not just affect the forums, passwords are linked to both game accounts and website. This needs to be directed as a full DB breach, and not downplayed as a "small forum data breach".