HDFC, ICICI Bank, Axis Bank, SBI & Yes Bank Hit With Malware Attacks; 32 Lakh Cards Compromised

We are very familiar with the usage of ATM’s. After the invention of ATM machine, the major task of drawing the money from our bank account became so easy. Nowadays all the banks are giving the ATM cards to the account holders. It’s very convenient for us to carry ATM-cum-Debit cards with us. You can withdraw from your account with a simple swipe of you debit card at the ATM’s.
One can draw the amount from any Automated Teller Machine (ATM) irrespective of their banks. However, now the ATM’s also facing problems with the Cyber-Attacks.  From past few days we are hearing that a major cyber-attack at the back-end system of a bank has suspected to compromised i.e; about 32 lakh debit cards from HDFC, ICICI Bank, Axis Bank, SBI and Yes Bank have been at risk.
Among the affected cards, 2.6 million are said to be on the Visa and Master-Card platform and 600,000 on the RuPay platform. The worst-hit of the card-issuing banks are State Bank of India, HDFC BankBSE -0.20 %, ICICI BankBSE 4.49 %, YES Bank and Axis Bank.

What Happened Exactly?

According to the reports, the breach is said to have originated in malware introduced in systems of a Yes Bank ATM, which was maintained and supported by Hitachi Payments Services. When a non-Yes Bank account holder used that ATM, then the malware spread into other ATMs, and subsequently into the ATM Network of SBI, Axis Bank, HDFC and ICICI Bank. However, Yes Bank’s network was automatically infected. This enables fraudsters to steal information which allows them to steal funds.

What Banks Are Saying?

A forensic audit has now been ordered by Payments Council of India on Indian bank servers and systems to detect the origin of frauds that might have hit customer accounts. NPCI Managing Director AP Hota said “We have received complaints from banks about debit cards being used in China which aroused suspicion. Though most of the suspected fraudulent transactions happened in the Visa and MasterCard network, we thought a whole a forensic audit of the entire network will help us find.”

HDFC Bank said that “it had already taken action on the matter a few weeks back. Besides advising those customers who we know have used a non-HDFC Bank ATM in the recent past to change (their) ATM PIN, we are advising our customers to use only HDFC Bank ATMs as we believe security controls at some of the other bank ATMs may not be at par with HDFC Bank ATMs. We take this opportunity to reiterate that it’s always prudent to change ATM PINs from time to time. It prevents misuse.”

SBI Chief Information Officer Mrutyunjay Mahapatra told “Based on the complaints we have received, we are suspecting a compromise on the non-SBI ATM network which could include various white-label ATM service providers. Therefore, as a precautionary measure, we have blocked six lakh debit cards. We have assured our customers that there has not been any breach on the ATM network of SBI.”

However, Visa, MasterCard, ICICI Bank, Axis Bank and YES Bank did not reply to any queries.

What You Should Do If You Are The Debit Card Holder Of the Above Banks?

If you are the debit card holder of SBI, Axis Bank, HDFC and ICICI Bank, then immediately change your ATM password/ PIN Numbers and contact your bank regarding further instructions.

Bank informs RBI of security breach: Axis suffers cyber attack, hires EY to probe damage

The Kaspersky man said his firm had stumbled on the information in the course of a separate probe. When an Axis team looked into the bank’s servers, it found out that there was indeed an unauthorized login by an unnamed, offshore hacker.

Last week, Axis filed a preliminary report about the breach to RBI. The bank has hired EY, the audit and advisory firm, to carry out an investigation.

After SBI’s card block move, Axis Bank says it faces no loss from cyber attack

SBI had on Wednesday blocked 6 lakh debit cards after being informed of potential risks faced by some of its customers

Axis Bank Ltd, India’s third-biggest private sector lender by assets, said on Wednesday there was no loss to its customers from a recent cyber attack.

“Our internal monitoring mechanism identified such a threat recently and all steps have been undertaken to neutralize the same,” the bank said in a statement to Reuters.

India’s Economic Times newspaper, which first reported the news, said the bank filed a preliminary report about the breach to the regulator, Reserve Bank of India, and that it had hired Enrst & Young to carry out an investigation.

 “As a responsible financial institution, we proactively communicate potential threats to the regulator,” the bank said in the statement, adding that it had a large team of information technology professionals who monitor its systems and mitigate any threat.

Separately, State Bank of India, the nation’s top lender by assets, said on Wednesday it had blocked cards of certain customers, and was issuing them new cards, in “precautionary” measures after being informed of potential risks to those cards.

The issue was not specific to SBI, the bank said.

“Card network companies (including) the National Payments Corporation of India, MasterCard and Visa had informed various banks in India about a potential risk to some cards, owing to a data breach,” said SBI, adding that its own systems had not been compromised.

Cyber attacks on banks and financial services firms have been on the rise worldwide.

In July, state-run Union Bank of India Ltd said one of the bank’s offshore accounts was breached in a cyber attack, but the money trail was traced and the movement of funds was blocked.

Some $81 million was stolen from the Bangladesh central bank account with the New York Fed this year in one of the biggest-ever cyber heists.

Sources: https://www.alltechbuzz.net/banks-hit-with-malware/
https://t.co/OddOFO60p1https://www.google.co.in/amp/wap.business-standard.com/article-amp/companies/after-sbi-s-card-block-move-axis-bank-says-it-faces-no-loss-from-cyber-attack-116101900823_1.html