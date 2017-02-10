Four months after the Reserve Bank of India (RBI) ordered Hitachi Payment Services to conduct an audit of its system for a security breach that possibly compromised about 3.2 million cards issued by Indian banks in October 2016, the company on Thursday confirmed that its system was affected by “a sophisticated injection of malware (a piece of malicious software code)”, which compromised the details of the debit cards.

Hitachi Payment Services, a firm that provides ATMs, point of sale and other services in India, said security audit firm SISA Information Security has completed its final assessment report on the breach and found that the highly sophisticated malware had worked undetected and concealed its tracks during the compromise period between May 21 and July 11 , 2016.

“While the behaviour of the malware and the penetration into the network has been deciphered, the amount of data exfiltrated during the above compromise period is unascertainable due to secure deletion by the malware,” said a statement released by Hitachi Payment Services.

According to the National Payments Corporation of India (NPCI), which has oversight over the payments system in India, as many as 90 ATMs in the country were compromised through malware and least 641 customers across 19 banks lost Rs1.3 crore to fraudulent transactions on their debit cards.

“…we confirm that our security systems had a breach during mid-2016. As soon as the breach was discovered, we followed due process and immediately informed the RBI, National Payments Corporation of India (NPCI), banks and card schemes. We also partnered with banks to ensure the safety of their customers’ sensitive data. As a result, the extent of compromise was limited and we have not seen any further misuse due to the containment measures deployed by Hitachi Payment Services,” said Loney Antony, managing director of Hitachi Payment Services.