Update: Axis Bank sent an official statement about the development:
Many large financial institutions across the globe, often receives security threats from various sources. Axis Bank has strong security systems and procedures in place. We have a large team of IT professionals and security experts who are constantly monitoring our systems, and mitigate any threat.
Integrity of our systems and confidentiality of customer information are of paramount importance to us and we vigorously combat all potential threats and neutralize them.
As a responsible financial institution, we proactively communicate potential threats to the regulator to maintain broader systemic integrity.
Our internal monitoring mechanism identified such a threat recently and all steps have been undertaken to neutralize the same.
We stay committed to our customers and it is always been endeavor to ensure that the customer’s interest are always protected.
Earlier: Axis Bank, the third largest private sector bank, has hired audit Enrst and Young to investigate a security breach in its servers, reports the Economic Times. A month ago, the bank got a call from security firm Kaspersky Lab who said that their servers may have been breached. An independent probe confirmed an authorized entry by an offshore hacker, the report added.
The publication added that there were no funds transferred and but the bank and Ernst and Young are still trying to figure out the extent of the damage and if there were any data loss. The bank is also sweeping its servers to see if the infection is still there in its systems. The bank has also informed the Reserve Bank of India (RBI) about the hack in a preliminary report.
Separately, State Bank of India (SBI) said that it would reissue more than 6 lakh debit cards who were blocked following a malware-related security breach, as indicated by this Times of India report. The report added that customers who used cards at SBI’s ATMs are not affected by the attack and that malware was in ATMs of other banks and added that there was a high probability of card data being compromised in these infected ATMs.
Many of SBI’s customers found that their debit cards were locked out by the bank and had to go reapply for a card at their branch or through net banking.
Note that banks are not required to inform regulators in case of a security breach and frequently handle hacks internally.
Credit card fraud in Kotak Mahindra Bank
In October 2015, Kotak Mahindra Bank detected a credit card fraud to the tune of Rs 2.84 crore which involved 1730 transactions carried out on 580 cards. The fraud was carried out by fabricating the cards and used for online shopping and making payments in seven countries. An internal investigation by the bank showed that the cards were created by stealing data from a newly created series of unissued cards all within the BIN (Bank Identification Number) range.