NEW DELHI – Indian banks scrambled Friday to contain the damage after finding that more than 3.2 million debit cards may have been hacked.
Several banks, including the government-run State Bank of India, advised customers to change their personal identification numbers. The banks have recalled thousands of debit cards and blocked others that they fear have been hacked.
The breach is thought to have been caused by malware on an ATM network.
Finance Minister Arun Jaitely said Friday the government was investigating how the security breach occurred.
The National Payments Corporation of India that controls all retail payments systems in India said banks had received complaints from customers that their cards had been used fraudulently in China and the United States. The NCPI has alerted banks that 3.2 million cards were affected.
On Friday, NCPI’s managing director and CEO, Abhaya Prasad Hota, sought to reassure customers that financial authorities had stepped up precautions.
“Necessary corrective actions already have been taken,” Hota said. “There is no reason for bank customers to panic.”
The NPCI, in a statement, said a total of 13 million rupees ($195,000) were withdrawn fraudulently in transactions affecting 19 banks and 641 customers.
The State Bank of India, the country’s top lender, said about 620,000 of its more than 200 million cards were “vulnerable” due to the security breach.
India’s Economic Affairs Secretary Shaktikanta Das said the government was tracking how the security breach took place.
“In this cyber world, all transactions leave a trail. We will track the trail. Locate the point of origin of the breach and government will act swiftly on this,” Das said.
Apart from SBI, other Indian banks include the Bank of Baroda, IDBI Bank, Central Bank and Andhra Bank that have replaced debit cards. Among private sector players, ICICI Bank, HDFC Bank and Yes Bank have advised customers to change their identity numbers or change their cards.