Active Stocks
Thu Mar 28 2024 15:59:33
  1. Tata Steel share price
  2. 155.90 2.00%
  1. ICICI Bank share price
  2. 1,095.75 1.08%
  1. HDFC Bank share price
  2. 1,448.20 0.52%
  1. ITC share price
  2. 428.55 0.13%
  1. Power Grid Corporation Of India share price
  2. 277.05 2.21%
Business News/ Industry / Malware caused India’s biggest debit card data breach: Audit report
BackBack

Malware caused India’s biggest debit card data breach: Audit report

Hitachi Payment Services is unable to ascertain the quantum of data compromised in the debit card data breach

While the debit card data was compromised between 21 May and 11 July 2016, it was not until September that the banking system became aware of this large-scale data breach that happened on Yes Bank’s ATM network managed by Hitachi. Photo: Pradeep Gaur/ MintPremium
While the debit card data was compromised between 21 May and 11 July 2016, it was not until September that the banking system became aware of this large-scale data breach that happened on Yes Bank’s ATM network managed by Hitachi. Photo: Pradeep Gaur/ Mint

The largest data breach in India’s banking system, which affected nearly 3.2 million debit cards in 2016, was caused by a malware injection in its systems, said Hitachi Payment Services Pvt. Ltd—the firm at the centre of the security breach. It said it didn’t know how much data was compromised.

Hitachi’s admission comes after payment and information security specialist, SISA Information Security Pvt. Ltd completed its audit of the payment services firm.

While the debit card data was compromised between 21 May and 11 July last year, it was not until September that the banking system became aware of this large-scale data breach that happened on Yes Bank’s ATM network managed by Hitachi.

“The malware, being sophisticated in its design, had been able to work undetected and had concealed its tracks. While the behaviour of the malware and the penetration into the network has been deciphered, the amount of data breached during the compromise period can’t be ascertained due to secure deletion by the malware," said Hitachi in a statement.

SISA confirmed the malware captured both the debit card number and PIN of customers who used their cards at the affected ATMs. However, financial losses were contained because the card issuing banks blocked cards and advised some customers to change their debit card PIN.

Yes Bank declined to comment in the matter.

“The reason why such cyber attacks are happening today is because of the ineffective implementation of the payment security standards. Organizations need to pay a lot more emphasis to this than they currently do. It’s not the check-the-box approach which has been traditionally followed," Dharshan Shanthamurthy, founder and CEO of SISA, said.

“This happened to be one such incident. With demonetization, and with an increase in the number of digital payments, such attacks are going to get worse," he warned.

Hitachi said it has enhanced its infrastructure to prevent such frauds in the future, but concerns remain about the cyber security preparedness of the banking system.

RBI deputy governor S.S. Mundra in a 1 February speech had pointed to the need to continuously guard against such malware attacks and also report such incidents on a real-time basis.

The Hitachi breach was first detected after few banks raised an alarm over the fraudulent use of their customers’ cards in China and the US, while these customers were in India.

According to the National Payment Corp. of India, which manages RuPay cards, some 641 customers had reported losses worth Rs1.3 crore.

The SISA report comes a day after the Reserve Bank of India appointed an inter-disciplinary standing committee on cyber security.

This committee will review threats inherent in existing and emerging technology, study adoption of various security standards and protocols, interface with stakeholders and suggest appropriate policy interventions to strengthen cyber security and resilience.

Unlock a world of Benefits! From insightful newsletters to real-time stock tracking, breaking news and a personalized newsfeed – it's all here, just a click away! Login Now!

ABOUT THE AUTHOR
Gopika Gopakumar
Gopika Gopakumar has worked for over 15 years as a banking journalist across print and television media. Her expertise lies in breaking big corporate stories and producing news based TV shows. She was part of the 2013 IMF Journalism Fellowship Program where she covered the Annual & Spring meetings of the International Monetary Fund in Washington D.C. She started her career with CNBC-TV18, where she also produced a news feature show called Indianomics and an award winning show on business stories from South India called Up South. She joined Mint in 2016.
Catch all the Industry News, Banking News and Updates on Live Mint. Download The Mint News App to get Daily Market Updates.
More Less
Published: 09 Feb 2017, 04:43 PM IST
Next Story footLogo
Recommended For You
Switch to the Mint app for fast and personalized news - Get App