3.2 million debit cards compromised in Indian hack

Some 3.2 million debit card credentials in India have been compromised. Described as a “catastrophic cyberattack” and “one of the biggest ever breaches of financial data in India,” the attack is believed to have been initiated through malware infection of the Hitachi Payment Services platform, responsible for ATMs and point of sale (PoS) systems in India.

Visa and Mastercard platforms, State Bank of India (SBI), ICICI, Yes, Axis and HDFC are among companies affected by the breach, which took around six weeks to be discovered. Some victims have reported fraudulent transactions made at a number of ATMs and PoS systems in China. An investigation of the entire networking is ongoing.

“Though most of the suspected fraudulent transactions happened in the Visa and MasterCard network, we thought a whole a forensic audit of the entire network will help us find out where the compromise happened,” NPCI Managing Director AP Hota said.

HDFC Bank advises clients to immediately change PINs and use only HDFC Bank ATMs. Visa, MasterCard, ICICI Bank, Axis Bank and YES Bank have not released statements on the breach.