In one of India’s largest data breach, hackers got hold of around 32 lakhs or 3.2 million Indian debit card details. Cards from all major Indian banks are affected in the hack and include State Bank of India, HDFC, ICICI, YES Bank and Axis Bank.

Of the debit cards stolen, around 2.6 million cards are on Visa and MasterCard platforms, while 600,000 are on India’s own RuPay platform. Several customers have reported unauthorised usage of their debit cards from locations in China.

The data breach is believed to have taken place several weeks ago. It isn’t yet clear who is behind the attack, but the breach originated in malware injected in systems of Hitachi Payment Services. Hitachi is one of the biggest suppliers of ATM, point of sale (PoS) and other banking services.

Hackers stole 32 lakhs Indian debit cards details, Banks starts blocking the cards

The banks have already started blocking the affected debit cards and have asked other customers to change ATM PIN numbers at the earliest. SBI said to have blocked and started reissuing around six lakh debit cards.

HDFC Bank has also taken proactive steps to tackle the issue. The bank is advising its customers to change their ATM PIN at the earliest and to use only HDFC Bank ATMs to withdraw money.

How to stay safe with ATM cards

  • Always keep your ATM PIN a secret. Never disclose it to anyone or write it down anywhere.
  • Change the ATM PIN once in at least three months.
  • While paying online for shopping or recharge using your debit card, always opt to the OTP (one-time password).
  • Always check your bank statement for any miss-match with your spendings.
  • While on ATM counters
    • Block the view while entering your ATM PIN (to avoid any overhead cameras)
    • Always review your receipt of the transaction before leaving the ATM counter.
    • Don’t use the ATM counter if you find anything suspicious around (like cameras, tapes).

A forensic audit has now been ordered by Payments Council of India on Indian bank servers and systems. This been done to detect the origin of a hack. The audit will be conducted by Bengaluru-based payment security specialist SISA.

update: 21 October, 2016

SBI has taken precautionary measures and have blocked cards of certain customers identified by the networks. SBI’ systems have not been compromised, but the bank is in the process of issuing new cards to card holders whose cards have been blocked.” SBI said in a press statement.

the breach has occurred in the case of customers who have used certain non-Axis Bank ATMs. Over the last few weeks, Axis Bank has proactively reached out to the affected customers and advised them to change their Debit Card PINs. The Axis Bank ATM network is fully secured and customers should ideally use Axis Bank ATMs to change their Debit Card PINs” said Axis Bank in a statement.

Mastercard in a press release said “We are aware of the data compromise event. To be clear, Mastercard’s own systems have not been breached.”

Visa does not currently process domestic debit ATM transactions in India, however we are working closely with all networks and our financial institution partners to support with investigations.” sais VISA in a press statement.

|