The 2016 Indian bank data breach was reported in October 2016. It was estimated 3.2 million debit cards were compromised. Major
Indian banks, among them
SBI,
HDFC Bank,
ICICI,
YES Bank and
Axis Bank, were among the worst hit.[1] The breach went undetected for months and was first detected after several banks reported fraudulent use of their customers’ cards in
China and the
United States, while these customers were in
India.[2][3]
This resulted in one of the India's biggest card replacement drives in banking history. The biggest Indian bank, the State Bank of India, announced the blocking and replacement of almost 600,000 debit cards.[4]
An audit performed by SISA Information Security reports that the breach was due to
malware injected into the
payment gateway network of
Hitachi Payment Systems.[5][6]