2016 Indian Banks data breach

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

2016 Indian Banks data breach was reported in October 2016. It was estimated 3.2 million debit cards were compromised. Major Indian banks, among them SBI, HDFC Bank, ICICI, YES Bank and Axis Bank, were among the worst hit.[1] The breach went undetected for months and was first detected after several banks reported fraudulent use of their customers’ cards in China and the United States, while these customers were in India.[2][3]

This resulted in one of the India's biggest card replacement drive in banking history. The biggest Indian bank State Bank of India announced the blocking and replacement of almost 600,000 debit cards.[4]

An audit performed by SISA Information Security reports that the breach was due to malware injected into the payment gateway network of Hitachi Payment Systems.[5][6]

See also[edit]


  1. ^ Shukla, Saloni; Bhakta, Pratik (20 October 2016). "3.2 million debit cards compromised; SBI, HDFC Bank, ICICI, YES Bank and Axis worst hit". The Economic Times. Retrieved 2 April 2020.
  2. ^ Gopakumar, Gopika (10 February 2017). "Malware caused India's biggest debit card data breach: Audit report". Livemint. Retrieved 2 April 2020.
  3. ^ Christopher, Nilesh (28 December 2016). "The worst cyber attacks of 2016". The Economic Times. Retrieved 2 April 2020.
  4. ^ Iyer, Satyanarayan (20 October 2016). "Security breach: SBI blocks over 6 lakh debit cards". The Economic Times. Retrieved 2 April 2020.
  5. ^ Mathew, Alex (9 February 2017). "Hitachi Owns Up To Mid-2016 Breach That Compromised 32 Lakh Debit Cards". Bloomberg Quint. Retrieved 2 April 2020.
  6. ^ Ryder, Rodney D.; Madhavan, Ashwin (2019). Cyber Crisis Management: Overcoming the Challenges in Cyberspace. New Delhi: Bloomsbury Publishing. ISBN 978-93-89165-52-4.