Virus that In­fected Debit Cards was on Hi­tachi Net­work

Mal­ware con­cealed its tracks dur­ing the com­pro­mise pe­riod, se­cu­rity firm said in re­port

The Economic Times - - Money -

Mum­bai: Pay­ments se­cu­rity spe­cial­ist firm SISA, in its fi­nal au­dit re­port on the com­pro­mise of 3.2 mil­lion debit cards dur­ing Oc­to­ber last year, has con­firmed that the mal­ware that com­pro­mised the cards had in­deed in­fected the Hi­tachi ATM pay­ments net­work.

Though ini­tial re­ports af­ter the breach had pointed fin­gers at the Hi­tach Pay­ments ATM net­work, Na­tional Pay­ments Cor­po­ra­tion of In­dia had handed over the foren­sic au­dit to Ben­galuru-based SISA to con­firm the breach and cleanse the sys­tem.

In a state­ment to the media, Hi­tachi Pay­ment Ser­vices has con­firmed the breach and said that they will con­tinue to un­der­take all manda­tory and reg­u­la­tory se­cu­rity mea­sures to en­hance the se­cu­rity of their sys­tems.

“We con­firm that our se­cu­rity sys­tems had a breach dur­ing mid-2016. As soon as the breach was dis­cov­ered, we fol­lowed due process and im­me­di­ately in­formed the Re­serve Bank of In­dia (RBI), Na­tional Pay­ments Cor­po­ra­tion of In­dia (NPCI), banks and card schemes to en­sure the safety of their cus­tomers’ sen­si­tive data,” said Loney Antony, man­ag­ing di­rec­tor, Hi­tachi Pay­ment Ser­vices.

Antony fur­ther said that the au­dit agency not only in­ves­ti­gated the breach but also sug­gested ways to en­sure such events didn’ t oc­cur a g ain, which Hi­tachi has im­ple­mented.

The re­port also con­firmed that the mal­ware had been able to work un­de­tected and had con­cealed its tracks dur­ing the com­pro­mise pe­riod. While the be­hav­iour of the mal­ware and the pen­e­tra­tion into the net­work has been de­ci­phered, the amount of data com­pro­mised dur­ing the above pe­riod could not be con­firmed due to se­cure dele­tion by the mal­ware, said the re­port.

Bankers said that the mal­ware was so ad­vanced that it could self de­struct af­ter the tar­get was ac­com­plished thereby not leav­ing be­hind much of trace to be tracked back to its orig­i­na­tor.

They said that while the fin­gers point to­wards Hi­tachi Pay­ment Ser­vices, who ex­actly had to pay for the breach was some­thing that they would have to ex­am­ine.

“It de­pends on the agree­ments that we had signed with that ATM ser­vice provider and other banks and also on the in­sur­ance claims that could be made,” said a se­nior banker with State Bank of In­dia which had re­placed 6 lakh debit cards post the breach. “We are yet to take a call on this.”

Antony said that there were no claims made on Hi­tachi yet, since the amount lost was low.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.