Hitachi Payment Services, one of the biggest suppliers of ATM, Point of Sale (PoS) and other banking services in India confirmed its systems were compromised by a sophisticated malware attack. This led to one of India’s largest data breach in mid-2016 where hackers got hold of around 32 lakhs or 3.2 million Indian debit card details. The National Payments Corporation of India (NPCI) recently confirmed that around Rs 1.3 crore was lost from over 600 customers due to the breach.
The security breach on Hitachi Payment Services’ systems occurred between 21st May 2016 to 11th July 2016 which led to the potential compromise of debit cards. The design of malware was so much sophisticated that it had been able to work undetected and had concealed its tracks during the compromised period. While the behavior of the malware and the penetration into the network has been identified, the amount of data stolen during the above compromise period can’t be completely discovered due to secure deletion by the malware.
“Despite following adequate security measures and adopting the standards of internationally accepted best practices in the business, we confirm that our security systems had a breach during mid-2016,” said Loney Antony, Managing Director, Hitachi Payment Services. “As soon as the breach was discovered, we followed due process and immediately informed the Reserve Bank of India (RBI), National Payments Corporation of India (NPCI), banks and card schemes. We also partnered with banks to ensure the safety of their customers’ sensitive data. As a result, the extent of compromise was limited and we have not seen any further misuse due to the containment measures deployed by Hitachi Payment Services.” he added.
If you have the missed the news, There has been a breach in systems of Hitachi Payment Services which led hackers to stole around 32 lakhs Indian debit card details. Cards from all major Indian banks including State Bank of India, HDFC, ICICI, YES Bank and Axis Bank were affected in the hack. As a precaution measure banks started blocking the affected debit cards and have asked customers to change ATM PIN numbers at the earliest. Banks also had blocked payments at international locations, reduced the withdrawal limits and started monitoring unusual patterns.
A forensic audit been going on by Payments Council of India on Indian bank servers and systems. This been done to detect the origin of a hack. The audit will be conducted by Bengaluru-based payment security specialist SISA.