Breach in our system led to debit card fraud: Hitachi
Monetary value of such transactions is not known, but banks have compensated the affected customers
 "Breach in our system led to debit card fraud: Hitachi")
premium
Hitachi Payment Services on Thursday admitted its systems were affected by malware leading to one of the biggest cyber security breaches in the country affecting 3.2 million debit cards.
Hitachi’s admission was based on a report by security audit firm SISA Information Security, which determined that the breach of software protocols happened between May 21, 2016, and July 11, 2016.
“SISA’s report pointed to a sophisticated injection of malware in the Hitachi Payment Services’ systems, which was able to compromise the details of these debit cards,” Hitachi said in a statement.
“While the behaviour of the malware and the penetration into the network has been deciphered, the amount of data exfiltrated is unascertainable due to secure deletion by the malware,” Hitachi added.
The breach meant that customers’ accounts were debited by fraudsters. The monetary value of such transactions is not known, but the affected customers have been compensated by the banks.
The National Payments Corporation of India (NPCI) had said at that time 600 customers had reported losses of Rs 1.3 crore. But industry sources peg the figure much higher, considering the number of cards compromised.
According to sources in the Reserve Bank of India (RBI), the central bank has absolved banks of any wrongdoing and has advised that the tab be picked up by the service providers. After its admission, banking sources said, the cost of compensation would have to be borne by Hitachi. Hitachi and SISA were not available for comments.
“We confirm that our security systems had a breach during mid-2016,” said Loney Antony, managing director, Hitachi Payment Services. “As soon as the breach was discovered, we informed the RBI, NPCI, banks and card schemes. The extent of the compromise was limited and we have not seen any further misuse,” he said, adding the company had enhanced its infrastructure.
After the breach came to light, banks blocked payments at international locations, reduced withdrawal limits, monitored unusual patterns and changed cards.
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%