The Minister of State in the Ministry of Finance
(a) to (e): Reserve Bank of India (RBI) has informed that an incident of data breach with respect to cards was reported. In this connection, independent investigation by a forensic auditor approved under Payment Card Industry Data Security Standard (PCI-DSS) framework was carried out. Further, RBI has informed that “M/S SISA, the forensic investigating agency, had submitted the final report of the investigation to M/S Hitachi which was shared by them with Yes Bank on February 9, 2017. As per the findings of the investigation, the malware infection infiltrated the systems of Hitachi from an unknown origination point. The window of exposure was from May 21, 2016 to July 12, 2016 during which about 2.9 million cards were transacted in the ATMs connected to the affected systems of Hitachi. In the absence of logs, actual amount of data loss could not be ascertained. However, the successful attempts of misuse of compromised cards reported to RBI by banks was only 3291.
Reserve Bank of India (RBI) has advised card network operators to share details of the cards with concerned banks for necessary remedial action. RBI has issued certain instructions on Cyber Security vide circular dated June 02,2016 titled ‘Cyber Security Framework in Banks’, wherein, banks were advised to immediately put in place a cyber-security policy elucidating the strategy containing an appropriate approach to combat cyber threats given the level of complexity of business and acceptable levels of risk.
Banks have advised their respective customers where card details could potentially have been compromised to change the PIN immediately. A few banks have replaced the cards with new ones. In a few cases the change of PIN also was forced by the banks. Thus the impact of the incidence could be controlled.
*******
Download PDF Files
