2016 Indian Banks data breach

  • The 2016 Indian bank data breach, reported in October 2016, resulted in the compromise of approximately 3.2 million debit cards. Major Indian banks, including SBI, HDFC Bank, ICICI, YES Bank, and Axis Bank, were significantly impacted.
  • The breach remained undetected for several months and came to light when multiple banks reported fraudulent transactions on their customers’ cards in China and the United States, despite the cardholders being in India.
  • In response, India launched one of its largest-ever card replacement initiatives in banking history. State Bank of India (SBI), the country’s largest bank, announced the blocking and replacement of nearly 600,000 debit cards.
  • An audit conducted by SISA Information Security revealed that the breach occurred due to malware that had been injected into the payment gateway network of Hitachi Payment Systems.