04:48 GMT20 January 2021
Listen Live
    Asia & Pacific
    Get short URL
    0 26

    A sophisticated malware attack on Hitachi Payment Services in 2016 has affected 3.2 million debit cards in India, the company admitted on Thursday.

    Hitachi is aware that malware was injected onto their systems between May 21, 2016, and July 11, 2016, but the company has no idea how much damage was actually done, as the bug was able to "work undetected and had concealed its tracks during the compromise period."

    “SISA’s report pointed to a sophisticated injection of malware in the Hitachi Payment Services’ systems, which was able to compromise the details of these debit cards,” Hitachi said in a statement. “While the behaviour of the malware and the penetration into the network has been deciphered, the amount of data exfiltrated is unascertainable due to secure deletion by the malware.”

    At least 600 customers have reported losing at least 1.3 crore ($148,237), as a result of the attack.

    “As soon as the breach was discovered, we informed the RBI, NPCI, banks and card schemes. The extent of the compromise was limited and we have not seen any further misuse,” Loney Antony, managing director of Hitachi Payment Service, told Business Standard.

    Customers who had money stolen were refunded by banks, but the Reserve Bank of India found that the banks were not at fault over the breach, instead advising that service providers be held liable for the missing money. Sources from the central bank told the Business Standard that, as Hitachi has admitted responsibility, they will now be responsible for the funds.

    To prevent further malware attacks, banks have blocked international payments, reduced withdrawal limits, and began monitoring unusual spending patterns and other behavior by customers. Hitachi has also reportedly updated their infrastructure.


    Messaging App Malware Targets Indian Defense, Security Personnel
    'I’m Afraid, Dave' - Global Havoc-Causing Mirai Malware Evolves, Adapts
    Over 1Mln Google Accounts Breached by Android Malware Campaign Gooligan
    Dodgy Downloads and Wi-Fi Cybercrime: Europol Warns of Rise in Mobile Malware
    Using a Bomb to Kill a Bug: FBI Forces Malware on Innocent Internet Users
    Hackers, Malware, Hitachi Payment Service, Hitachi, India
    Community standardsDiscussion