The Silicon Review ^Asia

About 1.3 million debit and credit card details have been put up on a Dark Net marketplace called Joker’s Stash. The details could have been gathered by stealing information from the magnetic strips on the cards used by bank users at ATMs or point of sale machines. The cards are being sold at 100 dollars each with the total value of the estimated card database at over 130 million.  

Ilya Sachkov, CEO and founder of Group-IB (a Singaporean firm that specialises in detection and prevention of cyber-attacks), said that the authorities concerned have been alerted. Group IB said that out of the 1.3 million cards, 98% of the cards are believed to be from India. 

Data Security Council India (DSCI) commented that India has largely failed its customers by not having data breach disclosure laws. In countries in Europe and North America, banks are ordered by the law to inform the bank customers of the breach within 24 hours. In India, the people affected by it often are the last people to know about their security being compromised.

Group-IB has not shared the names of the affected banks as of yet but they reported that more than 18 percent of the cards stolen were issued by a single Indian Bank. The diversity in the compromised banks suggests that it was not the case of a particular bank being hacked but a nation-wide security failure. A similar case has happened before in September 2016, when 3.2 million debit cards got compromised because of a problem at Hitachi Payment Systems. During that breach, ICICI Bank, SBI and others had their cards compromised and a lot of them were re-issued.

Customers took to twitter to point out that during the 2016 breach, they were not informed of it by the banks and found out from news reports that their cards have been compromised.