India markets open in 6 hours 17 minutes

    -440.78 (-0.87%)
  • Nifty 50

    -142.70 (-0.95%)
  • Dow

    +572.20 (+1.85%)
  • Nasdaq

    +196.65 (+1.55%)

    +103,079.00 (+2.90%)
  • CMC Crypto 200

    +39.75 (+4.21%)
  • Hang Seng

    -138.51 (-0.47%)
  • Nikkei

    -65.78 (-0.23%)

    -0.3331 (-0.38%)

    -0.2952 (-0.29%)

    +0.0220 (+0.11%)

    +0.0048 (+0.33%)

    -0.1340 (-0.25%)

3.5 Crore Records Breached in Cyber Attack on Company, Says Juspay

The Quint
·2-min read

Bangalore start-up Juspay has issued a statement saying that about 3.5 crore records with masked card data and card fingerprint were breached in a cyber attack suffered by them in August 2020. According to the company, this falls under the category on non-sensitive information.

The statement by the company also says that a part of user metadata in their system “which has non-anonymised, plain-text email IDs and phone numbers got compromised.”

"All of the customers’ full card numbers, order information, card PINs, or passwords are secure. The compromised data does not contain any transaction or order information." - Statement from Juspay

Also Read: Juspay Data Breach: Have My Card Details Leaked? What Happens Now?

Earlier, media reports had said that personal details such as email ids, full names, phone numbers, and debit and credit card details of over a 10 crore users of Juspay had been breached by a hacker who posted the data for sale on the dark web, which the company has denied, terming them “grossly inaccurate”.

The Bangalore start-up processes transactions from Amazon, MakeMyTrip, Swiggy, Uber, Airtel, Vodafone Idea and other well-used applications in India and had announced the data breach in August of 2020.

Juspay confirmed the breach in a statement admitting a compromise in one of its servers. The breach happened in a data dump which would allow for more online phishing scams. The data dump was discovered in the first week of January by cybersecurity researcher, Rajshekhar Rajaharia, reported NDTV.

He apparently discovered it was done by a hacker who was trying to approach buyers on Telegram in exchange for Bitcoin payments, reported NDTV. Rajaharia told Business Insider that the seller demanded $8,000 in Bitcoin to purchase the data.

The data leak could make card holders prone to phishing scam where users may be conned into revealing private information like OTPs or PINs, said Rajaharia to Business Insider.

Also Read: TrueCaller Data of 4.75 Cr Indians for Sale On Dark Web: Report

(This story has been updated to reflect a statement from Juspay)

(With inputs from Business Insider and NDTV Gadgets)

. Read more on India by The Quint.Laxmi Ratan Shukla Resigns: Factionalism Causing a TMC Collapse?Happiness - What Is It and How Do We Find It? . Read more on India by The Quint.