RBI issues notice after reports about credit & debit card data leak affected around 1.3 million Indian account holders, asking the affected banks to investigate the reports, ensuring data safety.
According to a report issued by Reuters, the Reserve Bank of India’s notice said that the banks must secure the customer’s data by performing a preliminary analysis of the leaked information while citing an article by a tech news site on Tuesday. The apex bank asked the concerned banks to “disable” and “re-issue” the credit and debit cards as per the bank’s policy on ascertaining the leaked data to be correct and genuine.
Estimated data leak valuation at $130 million
Reports state that the security researchers at a Singapore-based Group IB discovered that the card data was on sale on the dark web at $100 per card. The estimated leaked data valuation amount to nearly $130 million.
In a statement, the Group-IB said that the names of the affected banks would not be disclosed, although hinting towards the largest Indian banks. Adding, Group-IB noted that the authorities had been informed about the breach. RBI data shows around 51.7 million credit cards, and 851.5 million debit cards were presently being circulated in our economy as of August.
However, bankers receiving the RBI’s notice issued by the cybersecurity and IT examination cell told Economic Times that it was a routine notice and shouldn’t be alarming for customers.
A banker commented that in the Indian context, the majority of the cards require two-factor authentication and should, thus, not cause any harm to the userbase.
Additionally, the banks have been asked to inform the government’s CERT-In department, responsible for emergency response, regarding the solution to the problem initiated by them.