Malware caused India’s biggest debit card data breach: Audit report

Hitachi Payment Services is unable to ascertain the quantum of data compromised in the debit card data breach

Gopika Gopakumar
Updated10 Feb 2017, 01:54 AM IST
While the debit card data was compromised between 21 May and 11 July 2016,  it was not until September that the banking system became aware of this large-scale data breach that happened on Yes Bank’s ATM network managed by Hitachi. Photo: Pradeep Gaur/ Mint
While the debit card data was compromised between 21 May and 11 July 2016, it was not until September that the banking system became aware of this large-scale data breach that happened on Yes Bank’s ATM network managed by Hitachi. Photo: Pradeep Gaur/ Mint

The largest data breach in India’s banking system, which affected nearly 3.2 million debit cards in 2016, was caused by a malware injection in its systems, said Hitachi Payment Services Pvt. Ltd—the firm at the centre of the security breach. It said it didn’t know how much data was compromised.

Hitachi’s admission comes after payment and information security specialist, SISA Information Security Pvt. Ltd completed its audit of the payment services firm.

While the debit card data was compromised between 21 May and 11 July last year, it was not until September that the banking system became aware of this large-scale data breach that happened on Yes Bank’s ATM network managed by Hitachi.

“The malware, being sophisticated in its design, had been able to work undetected and had concealed its tracks. While the behaviour of the malware and the penetration into the network has been deciphered, the amount of data breached during the compromise period can’t be ascertained due to secure deletion by the malware,” said Hitachi in a statement.

SISA confirmed the malware captured both the debit card number and PIN of customers who used their cards at the affected ATMs. However, financial losses were contained because the card issuing banks blocked cards and advised some customers to change their debit card PIN.

Yes Bank declined to comment in the matter.

“The reason why such cyber attacks are happening today is because of the ineffective implementation of the payment security standards. Organizations need to pay a lot more emphasis to this than they currently do. It’s not the check-the-box approach which has been traditionally followed,” Dharshan Shanthamurthy, founder and CEO of SISA, said.

“This happened to be one such incident. With demonetization, and with an increase in the number of digital payments, such attacks are going to get worse,” he warned.

Hitachi said it has enhanced its infrastructure to prevent such frauds in the future, but concerns remain about the cyber security preparedness of the banking system.

RBI deputy governor S.S. Mundra in a 1 February speech had pointed to the need to continuously guard against such malware attacks and also report such incidents on a real-time basis.

The Hitachi breach was first detected after few banks raised an alarm over the fraudulent use of their customers’ cards in China and the US, while these customers were in India.

According to the National Payment Corp. of India, which manages RuPay cards, some 641 customers had reported losses worth Rs1.3 crore.

The SISA report comes a day after the Reserve Bank of India appointed an inter-disciplinary standing committee on cyber security.

This committee will review threats inherent in existing and emerging technology, study adoption of various security standards and protocols, interface with stakeholders and suggest appropriate policy interventions to strengthen cyber security and resilience.

Catch all the Industry News, Banking News and Updates on Live Mint. Download The Mint News App to get Daily Market Updates.

MoreLess
First Published:10 Feb 2017, 01:54 AM IST
Business NewsIndustryMalware caused India’s biggest debit card data breach: Audit report

Get Instant Loan up to ₹10 Lakh!

  • Employment Type

    Most Active Stocks

    Zee Entertainment Enterprises share price

    122.65
    03:56 PM | 19 NOV 2024
    7.15 (6.19%)

    Tata Steel share price

    139.45
    03:59 PM | 19 NOV 2024
    -1.85 (-1.31%)

    UPL share price

    546.85
    03:48 PM | 19 NOV 2024
    10.35 (1.93%)

    Bharat Electronics share price

    278.70
    03:57 PM | 19 NOV 2024
    0.6 (0.22%)
    More Active Stocks

    Market Snapshot

    • Top Gainers
    • Top Losers
    • 52 Week High

    CE Info Systems share price

    1,646.50
    03:44 PM | 19 NOV 2024
    -100.3 (-5.74%)

    Thermax share price

    4,631.70
    03:40 PM | 19 NOV 2024
    -236.25 (-4.85%)

    Max Financial Services share price

    1,190.55
    03:29 PM | 19 NOV 2024
    -47.15 (-3.81%)

    Adani Green Energy share price

    1,411.75
    03:57 PM | 19 NOV 2024
    -45.25 (-3.11%)
    More from Top Losers

    Mtar Technologies share price

    1,746.65
    03:44 PM | 19 NOV 2024
    132.45 (8.21%)

    V-Guard Industries share price

    426.95
    03:29 PM | 19 NOV 2024
    30.6 (7.72%)

    Apar Industries share price

    9,483.80
    03:40 PM | 19 NOV 2024
    668.1 (7.58%)

    Craftsman Automation share price

    4,978.00
    03:29 PM | 19 NOV 2024
    321.25 (6.9%)
    More from Top Gainers

    Recommended For You

      More Recommendations

      Gold Prices

      • 24K
      • 22K
      Bangalore
      77,095.00760.00
      Chennai
      77,101.00760.00
      Delhi
      77,253.00760.00
      Kolkata
      77,105.00760.00

      Fuel Price

      • Petrol
      • Diesel
      Bangalore
      102.92/L0.00
      Chennai
      100.80/L0.00
      Kolkata
      104.95/L0.00
      New Delhi
      94.77/L0.00

      Popular in Industry

        HomeMarketsloanPremiumMint Shorts