Economic Affairs Secretary Shaktikanta Das on Friday urged people to not panic about the ATM security breach, which has forced banks to block more than 32 lakh debit cards. He also promised swift action, saying these hacks "can be easily reached" as they are done through computers. "Whatever action is to be taken will be done fast," he said.

His reassurance came the same day the Finance Ministry sought information from the Indian Banks Association about the implications of the security breach at a payment services provider that manages ATMs for a private-sector bank. Managing Director of National Payments Corporation of India AP Hota had said 19 banks and 641 customers had complained of fraudulent withdrawals amounting to Rs 1.3 crore.

Advertisement

Banks blocked more than 32 lakh debit cards as a pre-emptive measure to prevent monetary and data theft. "[The] advisory issued by NPCI to banks for re-cardification is a preventive exercise," Hota said. The Reserve Bank of India is also investigating the matter.

Moreover, the government's Indian Computer Emergency Response Team had reportedly issued a warning to banks on October 7 against 'targeted attacks from Pakistan' in the wake of the surgical strikes carried out by the Indian Army on September 29. The Centre's cyber security watchdog had asked financial institutions to be on alert even in July and August, reported The Economic Times. On July 1, it had warned banks about possible cyber attacks, while on August 12 and 24, it had raised an alert on possible backdoor Trojans.

On Thursday, Additional Secretary of the Department of Financial Services GC Murmu said only about 0.5% of the total number of debit cards were affected by the breach, reported PTI. "Since the data compromise took place from specific machines within a particular time period, it is just a limited issue, and banks have asked their affected customers to replace their card or change their PIN," Murmu had said.

Advertisement

While bankers have highlighted a malware-related breach in the systems of Hitachi Payments Services, the company said an audit conducted in September did not suggest any such compromise. "The final report is expected by mid-November," HPS Managing Director Loney Antony had said.

The breach, which is being touted as the biggest in India, took place between May and July and could have affected up to 32 lakh people. The banks affected include Axis Bank, HDFC Bank, ICICI Bank, State Bank of India and Yes Bank. The breach came to the fore only after a sizable number of customers complained to banks that their cards had been used in China at various ATMs and point of sale terminals.