Hitachi Payments Services has accepted its systems were compromised by a sophisticated malware in mid-2016, that led to one of the biggest cyber security breaches in the country with 3.2 million cards affected and a scare over security of card-based transactions.
The National Payments Corporation of India (NPCI) had said over 600 customers had reported losses of at least Rs 1.3 crore due to the breach.
The company made the acknowledgement following the receipt of final assessment report from payments and information security audit firm SISA Information Security and said it “regrets” the inconvenience caused.
In what poses more scope for worries, the company said the amount of data exfiltrated is “unascertainable due to secure deletion by the malware”.
“We confirm that our security systems had a breach during mid-2016,” its managing director Loney Anthony said, adding this happened despite following adequate security measures and adopting the standards of internationally- accepted best practices.
The compromise period has been identified between May 21 and July 11. It had come out in public after a slew of banks, including those not serviced by Hitachi, approached customers making either card replacements or ATM PIN changes compulsory.
Out then, the compromise was suspected to have happened through one of the ATMs of Yes Bank, one of the biggest clients of the company.
“Hitachi Payment Services regrets the inconvenience caused to banks and its customers due to this lapse in its security infrastructure. We assure you of our highest commitment to building a robust infrastructure in our systems and preventing such cyber frauds in future,” Anthony said.