YES Bank fined $1 million over massive ATM breach
01 November 2017 | 7300 views | 1
The Reserve Bank of India has hit YES bank with a $1 million fine for failing to promptly report a breach of its ATM network.
Hitachi Payment Systems in February admitted culpability for the YES Bank breach that spawned a massive recall of debit cards by the nation's banks.
A report on the compromise conducted by audit outfit Sisa, pointed to a malware injection at Hitachi servers that went undetected for almost two months in mid-2016.
The malware compromised customer debit card details, leading India's top banks to advise some customers to change PIN codes and to recall millions of debit cards.
A subsequent investigation by National Payments Corporation of India found that cases of illegal withdrawals were limited to 641 customers of 19 banks, and the total amount involved was 13 million rupees ($194,600).
Although the breach occurred between May and June of 2016, YES Bank failed to report the compromise until September of that year.
In levying the $1 million penalty on YES Bank, Jose Kattoor, RBI chief general manager states: "This action is based on deficiencies in regulatory compliance and is not intended to pronounce upon the validity of any transaction or agreement entered into by the bank with its customers."