Hackers stole 32 lakhs Indian debit cards details, Banks starts blocking the cards

In one of India’s largest data breach, hackers got hold of around 32 lakhs or 3.2 million Indian debit card details. Cards from all major Indian banks are affected in the hack and include State Bank of India, HDFC, ICICI, YES Bank and Axis Bank.

Of the debit cards stolen, around 2.6 million cards are on Visa and MasterCard platforms, while 600,000 are on India’s own RuPay platform. Several customers have reported unauthorised usage of their debit cards from locations in China.

The data breach is believed to have taken place several weeks ago. It isn’t yet clear who is behind the attack, but the breach originated in malware injected in systems of Hitachi Payment Services. Hitachi is one of the biggest suppliers of ATM, point of sale (PoS) and other banking services.

The banks have already started blocking the affected debit cards and have asked other customers to change ATM PIN numbers at the earliest. SBI said to have blocked and started reissuing around six lakh debit cards.

HDFC Bank has also taken proactive steps to tackle the issue. The bank is advising its customers to change their ATM PIN at the earliest and to use only HDFC Bank ATMs to withdraw money.

How to stay safe with ATM cards

• Always keep your ATM PIN a secret. Never disclose it to anyone or write it down anywhere.
• Change the ATM PIN once in at least three months.
• While paying online for shopping or recharge using your debit card, always opt to the OTP (one-time password).
• Always check your bank statement for any miss-match with your spendings.
• While on ATM counters
  • Block the view while entering your ATM PIN (to avoid any overhead cameras)
  • Always review your receipt of the transaction before leaving the ATM counter.
  • Don’t use the ATM counter if you find anything suspicious around (like cameras, tapes).

A forensic audit has now been ordered by Payments Council of India on Indian bank servers and systems. This been done to detect the origin of a hack. The audit will be conducted by Bengaluru-based payment security specialist SISA.