Juspay, an end-to-end payments platform, has released details of a cyberattack back in August 2020, which leaked non-sensitive masked card information.
The FinTech ‘s security audit, which was conducted immediately after the incident, isolated the cause to an unrecycled access being compromised.
This breach was restricted to an isolated system containing non-sensitive masked card primarily used for display purposes on merchant UI and cannot be used for completing a transaction, it said.
All of the customers’ full card numbers, order information, card PINs, or passwords were not leaked. The data also did not include any transaction or order information.
In a blog post commenting on the breach, Juspay said, “Several media reports seem to be sensationalizing the incident. These reports claiming that data of 10 crore cardholders’ was breached or ‘India’s largest breach’ is grossly inaccurate. We request news outlets to contact us directly to corroborate the actual facts.”
The FinTech is in contact with the authorities and the Reserve Bank of India.
Juspay noticed the breach due to unauthorised activity in one of its data stores. The incident team traced the intrusion and stopped it.
Around 35 million records with masked card data and card fingerprint data was breached.
Copyright © 2018 RegTech Analyst