The finance ministry is concerned over India’s biggest ever banking security breach involving over 32 lakh debit cards.
To get the complete picture of the breach, the finance ministry has asked multiple agencies, including the RBI, to submit its report in 10 days. With this the ministry will get to know whether hacking or compromise took place.
Finance Minister Arun Jaitley had also asked a report on banks’ preparedness to deal with cyber crimes.
Shaktikanta Das, secretary, department of economic affairs, said there is no need for alarm as the integrity of banks’ information technology systems is very robust and the government will take “whatever action is required.”
Multiple government organizations, including the cyber cell of the Mumbai Police’s crime branch, the ministry of finance and the government’s cybersecurity arm Computer Emergency Response Team-India (CERT-In), are aggressively looking into the largest reported data breach India’s banking system has experienced so far.
As per reports, a malware in Hitachi’s payment systems (which power most ATMs and Points of Sale in India) has resulted in the breach, enabling fraudsters to steal information allowing them to steal funds. Among the worst hit banks are HDFC, ICICI, YES Bank, Axis Bank and SBI.
The complaints of fraudulent withdrawals are limited to cards of 19 banks and 641 customers, according to the National Payments Corporation of India (NPCI), the domestic payment gateway. The total amount involved is Rs 1.3 crore as reported by various affected banks, it added.
Department of financial services additional secretary GC Murmu said the data breach is reported to have taken place form specific machines and within a particular time period. He said data of the users who have transacted from Hitachi ATM machines have been compromised during the month of May, June and July. The Hitachi ATMs, deployed by many White Label ATM and Yes Bank were impacted by the malware.
There are around 60 crore debit cards operational in India, of which 19 crore are indigenously developed RuPay cards while the rest are Visa- and Master Card-enabled.
As precautionary measures, the banks have asked customers to block affected cards and replace them, with some advising customers to change their PINs regularly so as to prevent misuse following such incidents.
The extent of the breach is not yet fully known though one agency put the number of compromised cards as high as 6.5 million.
After the report on breach, the cyber cell of Mumbai Police’s crime branch got into action, taking cognizance of the issue on its own. The cell has sought information and data from the NPCI and the RBI in this connection.
At the bank level, there is no clarity on the kind of data that was stolen.
“It was established through the analysis after such frauds were reported that there was a possible compromise at one of the payment switch provider’s system. Based on the analysis, NPCI and other schemes identified the period of compromise and the possible card numbers which could have been compromised during that period,” the NPCI said.