The largest data breach in India’s banking system, which affected nearly 3.2 million debit cards in 2016, was caused by a malware injection in its systems, said Hitachi Payment Services Pvt. Ltd—the firm at the centre of the security breach. It said it didn’t know how much data was compromised.
Hitachi’s admission comes after payment and information security specialist, SISA Information Security Pvt. Ltd completed its audit of the payment services firm.
While the debit card data was compromised between 21 May and 11 July last year, it was not until September that the banking system became aware of this large-scale data breach that happened on Yes Bank’s ATM network managed by Hitachi.
“The malware, being sophisticated in its design, had been able to work undetected and had concealed its tracks. While the behaviour of the malware and the penetration into the network has been deciphered, the amount of data breached during the compromise period can’t be ascertained due to secure deletion by the malware,” said Hitachi in a statement.