The puzzle behind one of the biggest cyber security breaches -that compromised 3.2 million cards last year in 2016- has been resolved. Japan-based Hitachi Payments Services on Thursday admitted the system breach and said: "We confirm that our security systems had a breach during mid-2016."
Hitachi Managing Director Loney Anthony said that data breach happened despite following adequate security measures. "As soon as the breach was discovered, we informed the RBI, NPCI, banks and card schemes. The extent of the compromise was limited and we have not seen any further misuse," he said.
"Hitachi Payment Services regrets the inconvenience caused to banks and its customers due to this lapse in its security infrastructure. We assure you of our highest commitment to building a robust infrastructure in our systems and preventing such cyber frauds in future," Anthony said.
Hitachi made the acknowledgement following the final assessment report from security audit firm SISA Information Security. "SISA's report pointed to a sophisticated injection of malware in the Hitachi Payment Services' systems, which was able to compromise the details of these debit cards," Hitachi said in a statement.
"While the behaviour of the malware and the penetration into the network has been deciphered, the amount of data exfiltrated is unascertainable due to secure deletion by the malware," Hitachi added. The data breach happened between May 21 and July 11.
Last year in October, India's largest bank SBI and several banks had recalled a large number of cards, while many others blocked the ones suspected to have been compromised. National Payments Corporation of India or NPCI, which is an umbrella organization for all retail payments system in India, had confirmed that the complaints of fraudulent withdrawals from 641 customers and the total amount involved is Rs 1.3 crore were reported by various affected banks.
"All affected banks have been alerted by card networks that a total card base of about 3.2 million could have been possibly compromised. Out of this 0.6 million are RuPay cards," NPCI had said.