Hitachi Payment Services has confirmed that a malware on its system caused the breach of financial data last year. The breach ended up compromising the data of 32 lakh debit cards in India. The assessment by the company mentions that debit cards were compromised between the 21st May 2016 and 11th July 2016.
The agency mentions that the malware worked undetected and had concealed its tracks during the compromise period. The malware has been detected, but the amount of data compromised during the period is ‘unascertainable’ due to ‘secure deletion of malware’. The company mentions that once the breach was discovered, it followed due process and informed the Reserve Bank of India, the National Payments Corporation of India, banks and card schemes.
Note that the breach, which was reported in October last year, had mostly affected ATMs on YES Bank’s network. Around 90 YES Bank’s ATMs and POS machines were targeted by the malware which resulted in card details of State Bank of India (SBI), ICICI Bank and HDFC Bank customers stolen. The report added that NPCI, Visa, MasterCard, the banks involved and Hitachi had called for a forensic probe into the matter.
The damage to customers
NPCI had said that the complaints of fraudulent withdrawal were limited to cards of 19 banks and 641 customers. The total amount involved is Rs. 1.3 crore, out of a card base of about 3.2 million. The NPCI had received complaints from few banks that their customer’s cards were used fraudulently mainly in China and USA while customers were in India.