The finance ministry is concerned over India’s biggest ever banking security breach involving over 32 lakh debit cards.
Finance Minister Arun Jaitley had also asked a report on banks’ preparedness to deal with cyber crimes.
Multiple government organizations, including the cyber cell of the Mumbai Police’s crime branch, the ministry of finance and the government’s cybersecurity arm Computer Emergency Response Team-India (CERT-In), are aggressively looking into the largest reported data breach India’s banking system has experienced so far.
The complaints of fraudulent withdrawals are limited to cards of 19 banks and 641 customers, according to the National Payments Corporation of India (NPCI), the domestic payment gateway. The total amount involved is Rs 1.3 crore as reported by various affected banks, it added.
Department of financial services additional secretary GC Murmu said the data breach is reported to have taken place form specific machines and within a particular time period. He said data of the users who have transacted from Hitachi ATM machines have been compromised during the month of May, June and July. The Hitachi ATMs, deployed by many White Label ATM and Yes Bank were impacted by the malware.
As precautionary measures, the banks have asked customers to block affected cards and replace them, with some advising customers to change their PINs regularly so as to prevent misuse following such incidents.
The extent of the breach is not yet fully known though one agency put the number of compromised cards as high as 6.5 million.
At the bank level, there is no clarity on the kind of data that was stolen.
“It was established through the analysis after such frauds were reported that there was a possible compromise at one of the payment switch provider’s system. Based on the analysis, NPCI and other schemes identified the period of compromise and the possible card numbers which could have been compromised during that period,” the NPCI said.