Online transaction data of around 10 crore Indians has been breached in one of the biggest data leaks in the recent past and is on sale on the dark web, according to a report by Business Standard. The data has allegedly been lifted from Bengaluru-based fintech and payment gateway company Juspay.
Juspay processes transactions for several e-commerce bigwigs such as Amazon, Swiggy and Uber, among others.
The company faced a cyberattack on August 18 last year. While reports suggested that data of 10 crore cardholders was breached, the company termed these as "grossly inaccurate".
In a blog post, Juspay said the breach was restricted to an isolated system containing non-sensitive masked card data, which is primarily used for display purposes on merchant UI and cannot be used for completing a transaction.
"All of the customers' full card numbers, order information, card PINs, or passwords are secure. The compromised data does not contain any transaction or order information," it added.
The company said it is in close contact with the relevant government authorities and the RBI regarding this matter.
"About 3.5 crore records with masked card data and card fingerprint (which is non-sensitive information) were breached... A part of user metadata in our system which has non-anonymised, plain-text e-mail IDs and phone numbers got compromised," it said, explaining the impact of the breach.
The masked card data is used for display purposes on merchant UI and cannot be used for completing a transaction, it added.
Juspay said one of its isolated storage systems was attacked on August 18, 2020, and a security audit conducted immediately after the incident isolated the cause to an unrecycled access being compromised.
The company said its merchant partners were informed of the cyberattack and it worked with them to take various precautionary measures to safeguard information.
Juspay said it has further tightened various internal systems access control protocols, limiting resource access.
"We are engaged with threat intelligence experts and have invested in enhanced threat monitoring tools," it added.
(With inputs from PTI)