In what many are calling India’s biggest ever breach of financial data, the details of 32 lakh debit card are believed to be compromised.
A malware breach in Hitachi’s payment systems (which power most ATMs and Points of Sale in India) has resulted in the breach, enabling fraudsters to steal information allowing them to steal funds, according to an Economic Times report.
Among the worst hit banks are HDFC, ICICI, YES Bank, Axis Bank and SBI.
Multiple victims have reported about unauthorized use of their debit cards from locations in China. However, so far there is little or no information regarding the location and spread of the compromised ATMs.
The banks are asking customers to change their pins.
Around 2.6 million of the compromised card are on the Visa and Mastercard platform while 60,000 are on the RuPay platform.
The malware was apparently active for over six weeks before being detected. And during this period, about 3.2 million ATM cards were used in the Hitachi payment systems.
The Payments Council of India has ordered a forensic audit on the Indian bank servers to gauge the damage and investigate the origin of the attack. The forensic audit will be conducted by Bengaluru-based payment and security specialist SISA.
SBI, HDFC and Bank of Baroda have already initiated the process of replacing the cards of the affected customers. SBI, the largest lender in the country, is replacing 6 lakh compromised cards.
Users who are affected are being directly contacted by the banks.
Since the systems in the banks themselves were not compromised, experts say replacing the cards is not strictly necessary. Customers can safely continue to use their cards with a changed pin.