Hitachi Payment Services Pvt. Ltd. today announced that payments and information security audit firm, SISA Information Security Pvt. Ltd. has completed its final assessment report, on the reported breach of security protocols which led to the potential compromise of debit cards between 21st May 2016 to 11th July 2016. SISA’s report pointed out to a sophisticated injection of malware (a piece of malicious software code) in the Hitachi Payment Services’ systems, which was able to compromise the details of these debit cards.
The malware, being sophisticated in its design, had been able to work undetected and had concealed its tracks during the compromise period. While the behaviour of the malware and the penetration into the network has been deciphered, the amount of data exfiltrated during the above compromise period is unascertainable due to secure deletion by the malware.
Loney Antony, Managing Director, Hitachi Payment Services said, “Despite following adequate security measures and adopting the standards of internationally accepted best practices in the business, we confirm that our security systems had a breach during mid-2016. As soon as the breach was discovered, we followed due process and immediately informed the Reserve Bank of India (RBI), National Payments Corporation of India (NPCI), banks and card schemes. We also partnered with banks to ensure the safety of their customers’ sensitive data. As a result, the extent of compromise was limited and we have not seen any further misuse due to the containment measures deployed by Hitachi Payment Services.”
“Hitachi Payment Services regrets the inconvenience caused to banks and its customers due to this lapse in its security infrastructure. We assure you of our highest commitment to building a robust infrastructure in our systems and preventing such cyber frauds in future. We have further enhanced our infrastructure and will continue to undertake all mandatory and regulatory security measures as needed. We feel, together through a collaborative association with all our stakeholders (banks and regulators), we will be able to provide a safer system for financial transaction – 2 – processing.” he added.
Hitachi Payment Services understands that banks had taken necessary remedial action to avoid any potential abuse of such cards in future. Banks also had blocked payments at international locations, reduced the withdrawal limits and monitored unusual patterns, advised customers to change their PIN apart from replacing cards in some cases