Hitachi Payment Services, a wholly owned subsidiary of Hitachi today announced that payments and information security audit firm, SISA Information Security had completed its final assessment report, on the reported breach of security protocols which led to the potential compromise of debit cards between 21st May 2016 to 11th July 2016.
SISA’s report pointed out to a sophisticated injection of malware (a piece of malicious software code) in the Hitachi Payment Services’ systems, which was able to compromise the details of these debit cards.
The malware, being sophisticated in its design, had been able to work undetected and had concealed its tracks during the compromise period. While the behaviour of the malware and the penetration into the network has been deciphered, the amount of data exfiltrated during the above compromise period is unascertainable due to secure deletion by the malware.
Loney Antony, Managing Director, Hitachi Payment Services said, “Despite following adequate security measures and adopting the standards of internationally accepted best practices in the business, we confirm that our security systems had a breach during mid-2016. As soon as the breach was discovered, we followed due process and immediately informed the Reserve Bank of India (RBI), National Payments
Corporation of India (NPCI), banks and card schemes. We also partnered with banks to ensure the safety of their customers’ sensitive data. As a result, the extent of compromise was limited and we have not seen any further misuse due to the containment measures deployed by Hitachi Payment Services.”
Hitachi Payment Services said that it regreted the inconvenience caused to banks and its customers due to this lapse in its security infrastructure. “We have further enhanced our infrastructure and will continue to undertake all mandatory and regulatory security measures as needed. We feel,
together through a collaborative association with all our stakeholders (banks and regulators), we will be able to provide a safer system for financial transaction processing.” he added.