New Delhi (Reuters) — The Reserve Bank of India (RBI) has asked banks to ensure customers’ debit and credit card data is secure and investigate reports that say data of 1.3 million accounts was available online, a notice seen by Reuters showed.
Banks should secure the customers’ data by performing a preliminary analysis of the leaked card information online, the RBI notice said, and cited an article by tech news site ZDNet on Tuesday.
Three industry sources confirmed to Reuters the notice had been sent to Indian banks. The RBI did not immediately respond to a request for comment.
“On finding leaked data to be correct and genuine, disable and re-issue the credit and debit cards as per the bank’s policy,” said the notice dated Oct. 29.
Security researchers at Singapore-based Group-IB had found that card details were being sold at a price of $100 per card, ZDNet had reported. The value of the leaked database has been estimated by the group at $130 million (£100 million).
“We do not disclose the names of banks, but can tell that the database held the credit and debit card dumps related to the largest Indian banks,” Group-IB said in a statement on Thursday, adding that it had informed authorities about the breach.
There were about 51.7 million credit cards and 851.5 million debit cards in circulation as of August, RBI data shows.
“The (RBI’s) Department of Banking Supervision has sent out this letter as whenever there are some incidents the RBI alerts the banks and sends them a cautionary note which is sent to all the scheduled commercial banks,” said an industry official, requesting anonymity.
Banks have also been asked to inform the government’s CERT-In department, which is responsible for emergency response, regarding the steps taken by them.
Regulators have often issued advisories to prevent data breaches which are frequent in India, a country of 1.3 billion people where the use of payment cards and digital wallets is rising rapidly.
