ATM Cards Security Breach

Looks like hackers want to make quick money before Christmas!

  • What has happened: As reported in Hindustan Times, “A virus or malware infection at Hitachi Payments Services led to over 32 lakh debit cards in India being compromised. Hitachi is one of the companies that operate ATMs in India. The compromised debit cards were used in ATMs that are suspected to have exposed details of the cards to the malware.”
  • Who is impacted:
    • [Figure: Vendors and number of cards affected]
    • [Figure: Number of users affected so far]
  • Current actions from Banks:
    • SBI blocks 600,000 Debit cards and will re-issue the cards
    • Bank of Baroda, IDBI Bank, Central Bank and Andhra Bank have already replaced their affected debit cards as a pre-emptive measure
    • ICICI Bank, HDFC Bank and Yes Bank are yet to replace their debit cards. As a precautionary measure, these banks have asked their customers to change their ATM PINs
  • What the Banks and Manufacturers have to say:
    • Yes Bank’s managing director and chief executive Rana Kapoor said “There needs to be a lot more vigilance where there are outsourcing partners to make sure they don’t endanger the delivery and system risk, and there’s a fair amount of policing as far as outsourcing risks are concerned”
    • State Bank of India said “Card network companies NPCI, MasterCard and Visa had informed various banks about a potential risk to some cards owing to a data breach. Accordingly, we have taken precautionary measures and have blocked cards of certain customers identified by the networks”. “It’s a security breach, but not in our bank’s systems. Many other banks have this breach – right now and since a long time. A few ATMs have been affected by malware. When people use their cards on infected switches or ATMs, there is a high probability that their data will be compromised”
    • Mastercard said “Mastercard’s own systems have not been breached”
    • Hitachi said “We had appointed an external audit agency in the first week of September to check the security of our systems for any breach or compromise based on a few suspected transactions that were highlighted by banks for whom we manage their ATM networks. The interim report published by the audit agency in September, does not suggest any breach or compromise in our systems, the final report is expected by mid-November”
  • Precautionary measures:
    • Bank Customers:
      • Change your ATM PIN
      • Do not share your PIN
      • Do not provide any details of your cards to anyone over the phone
    • Banks:
      • Get rid of the existing magnetic stripe cards
      • Implement chip-and-PIN technology, but make sure to fix all the issues reported in the École Normale Supérieure University and the Science and Technology Institute CEA Forensics report.


HIPAA Penalty of $2.7 million for OHSU HealthCare

The following is a statement from Bridget Barnes, OHSU chief information officer:

“Patient privacy has been and always will be a top priority at OHSU. OHSU is continuously working to improve protection of patient information data in a constantly changing security and technology landscape. The two breaches that occurred in 2013 were stark reminders to OHSU how vigilant we must be. We made significant data security enhancements at the time of the incidents and now are investing at an unprecedented level in proactive measures to further safeguard patient information.

OHSU has long had stringent privacy and security policies in place to prevent disclosures of protected health information, and we will continue to enhance the protections. In the coming weeks, OHSU will engage an external information security consultant and convene a multidisciplinary steering committee from across the university to help us meet the requirements of the corrective action plan.

Over the next few months and beyond, OHSU integrity and information security experts will work with the consultant and our steering committee to identify patient information security risks or vulnerabilities, and make regular reports to OCR, and implement any necessary mitigation strategies.

Patients and health care providers benefit significantly from access to electronic health records and emails from various devices and locations; however, this access comes with new security challenges. In the face of these challenges, OHSU is proactively working to ensure the creation of a sustainable gold standard for protected health information security and HIPAA compliance.”