Thursday, 16 February 2017

Hitachi Payment services accepts its systems were compromised

Hitachi payment Services conducted an audit regarding security breach that had compromised about 3.2 million credit cards issued by Indian banks in October 2016, after Reserve bank of India ordered an audit four months back.

The company confirmed on Thursday that their system was affected by "a sophisticated injection of malware (malicious software code)", that hampered detail of debit cards issued by banks.

Hitachi Payment Services, a firm that provides ATMs, point of sale and other services in India, said security audit firm SISA Information Security has completed its final assessment report on the breach and discovered  that the highly sophisticated malware had worked undetected and concealed its tracks during the compromise period between May 21 and July 11 , 2016.

“While the behavior of the malware and the penetration into the network has been deciphered, the amount of data ex filtrated during the above compromise period is unascertainable due to secure deletion by the malware,” said a statement released by Hitachi Payment Services.

According to the National Payments Corporation of India (NPCI), which looks at payment system in India discovered that almost 90 ATMs in the country were compromised through malware and least 641 customers across 19 banks lost Rs 1.3 crore to fraudulent transactions on their debit cards.

Loney Antony, managing director of Hitachi Payment Services said, “…we confirm that our security systems had a breach during mid-2016. As soon as the breach was discovered, we followed due process and immediately informed the RBI, National Payments Corporation of India (NPCI), banks and card schemes. We also partnered with banks to ensure the safety of their customers’ sensitive data. As a result, the extent of compromise was limited and we have not seen any further misuse due to the containment measures deployed by Hitachi Payment Services"


The hacker group in the Russian Federation, whose members are under the radar of stealing funds from accounts of Russian financial institutions, was dismantled. The Spokesman of the Ministry of Internal Affairs of the Russian Federation Irina Wolf stated.

"In May 2016, after effective interaction between the Ministry of Internal Affairs and the Federal Security Services the Russian Federation, an unprecedented interdiction operation had been carried out against the hacker group, whose members had lived in 17 different locations of the country and had been a part of misappropriation of funds from accounts of Russian financial institutions since 2013, Wolf stated in the report, published on the website of the Ministry of Internal Affairs. For the period of its activity, 50 members had managed to transfer more than 1 billion rubles."

The Spokesman of the Ministry of Internal Affairs added to her statement that other than bank accounts, attackers had also hacked critical infrastructure, including strategic industrial enterprises. 

Searches were conducted, during which computers, media devices and means of communication, as well as funded and edged weapons were seized.

"At the moment 27 organizers and participants of the group, of this 19 suspects, held criminal liable. The court had ordered their remand in custody", - the statement reflected on the website. The matter remains under investigation.