New Delhi, Jan 5 : Bengaluru-based digital payments gateway Juspay on Tuesday said that about 3.5 crore records with masked card data and card fingerprint were compromised by a hacker and the claim of 10 crore cardholders’ data being affected is “incorrect”.
Responding to claims made by independent cyber security researcher Rajshekhar Rajaharia on Sunday that data of nearly 10 crore credit and debit card holders in the country is being sold for an undisclosed amount on the Dark Web — leaked from a compromised server of Juspay, the company said in a fresh statement that none of its merchants and their customers are at any risk.
“The masked card data is used for display purposes on merchant UI and cannot be used for completing a transaction. A part of user metadata in our system which has non-anonymised, plain-text email IDs and phone numbers got compromised,” the company informed.
“On August 18, 2020, an unauthorised attempt on our servers was detected and terminated when in progress,” it added.
According to JusPay, no full card numbers, order information, card PINs and passwords were leaked.
“We conducted a thorough audit on the day of the incident which confirmed that our ‘Secure Data Store’ which hosts the 16-digit encrypted card numbers was not accessed and remains secure. The cyberattack was identified in an isolated/separate system,” JusPay elaborated.
Related stories
Subscribe
- Never miss a story with notifications
- Gain full access to our premium content
- Browse free from up to 5 devices at once
Latest stories