advertisement
Bangalore start-up Juspay has issued a statement saying that about 3.5 crore records with masked card data and card fingerprint were breached in a cyber attack suffered by them in August 2020. According to the company, this falls under the category on non-sensitive information.
The statement by the company also says that a part of user metadata in their system “which has non-anonymised, plain-text email IDs and phone numbers got compromised.”
Earlier, media reports had said that personal details such as email ids, full names, phone numbers, and debit and credit card details of over a 10 crore users of Juspay had been breached by a hacker who posted the data for sale on the dark web, which the company has denied, terming them “grossly inaccurate”.
The Bangalore start-up processes transactions from Amazon, MakeMyTrip, Swiggy, Uber, Airtel, Vodafone Idea and other well-used applications in India and had announced the data breach in August of 2020.
He apparently discovered it was done by a hacker who was trying to approach buyers on Telegram in exchange for Bitcoin payments, reported NDTV. Rajaharia told Business Insider that the seller demanded $8,000 in Bitcoin to purchase the data.
The data leak could make card holders prone to phishing scam where users may be conned into revealing private information like OTPs or PINs, said Rajaharia to Business Insider.
(This story has been updated to reflect a statement from Juspay)
(With inputs from Business Insider and NDTV Gadgets)
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)