India is dealing with one of the worst data breaches ever to hit the country with as many as 3.2 million debit card details stolen from multiple banks and financial platforms.
On Thursday, the Economic Times reported that malware was used to compromise the Hitachi Payment Services platform, used to power India’s ATM, point-of-sale (PoS) systems and other financial transactions.
This infection then affected the State Bank of India (SBI), ICICI, Yes, Axis and HDFC, which are said to be the hardest hit. The Visa and Mastercard networks are also allegedly affected by the data breach — which took roughly six weeks to detect.
Little is known beyond feedback from several victims who claim that their cards are being used fraudulently in China.
According to people familiar with the matter, SBI has blocked and will reissue 600,000 debit cards.
SBI chief information officer Mrutyunjay Mahapatra told the publication:
“Based on the complaints we have received, we are suspecting a compromise on the non-SBI ATM network which could include various white-label ATM service providers.”
Financial security specialist SISA is investigating the case alongside the banks affected. In the meantime, customers have been asked to change their PIN numbers as a precautionary measure.