1. Home
  2. Bengaluru-based 'JusPay' refutes 10 cr card data breach claim, says only 3.5 cr users' info leaked

Bengaluru-based 'JusPay' refutes 10 cr card data breach claim, says only 3.5 cr users' info leaked

Agencies
January 6, 2021

Juspay.jpg

Bengaluru, Jan 6: Bengaluru-based digital payments gateway JusPay on Tuesday clarified that about 3.5 crore records with masked card data and card fingerprint were compromised by a hacker and the claim of 10 crore cardholders' data being affected is “incorrect". Responding to claims made by independent cyber security researcher Rajshekhar Rajaharia on Sunday that data of nearly 10 crore credit and debit card holders in the country is being sold for an undisclosed amount on the Dark Web -- leaked from a compromised server of Juspay, the company said in a fresh statement that none of its merchants and their customers are at any risk.

"The masked card data is used for display purposes on merchant UI and cannot be used for completing a transaction. A part of user metadata in our system which has non-anonymised, plain-text email IDs and phone numbers got compromised," the company informed.

"On August 18, 2020, an unauthorised attempt on our servers was detected and terminated when in progress," it added.

According to JusPay, no full card numbers, order information, card PINs and passwords were leaked.

"We conducted a thorough audit on the day of the incident which confirmed that our 'Secure Data Store' which hosts the 16-digit encrypted card numbers was not accessed and remains secure. The cyberattack was identified in an isolated/separate system," JusPay elaborated.

"We can confirm that the compromised data does not contain any transaction or order information, as the intrusion was terminated before such an access."

Rajaharia had told IANS that the data was being sold on the Dark Web for an undisclosed amount via cryptocurrency Bitcoin.

"For this data, hackers are also contacting via Telegram," he said, adding that if the hackers can find out the Hash algorithm used to generate the card fingerprint, they will be able to decrypt the masked card number.

"In this condition, all 10 crore cardholders are at risk," Rajaharia noted.

JusPay said that it has made significant investments in security and data governance and its policies are aligned to globally accepted data protection standards.

"We did identify gaps in some of the older access keys and moved them to non-access key-based authentication supported by hosting providers. We have also made two-factor authentication (2FA) mandatory for all the tools accessed by our teams," the company said.

According to Saurabh Sharma, Senior Security Researcher (GReAT), Kaspersky (APAC), data leaks due to internal vulnerabilities has become a common instance in India, especially in the last two years.

"Enterprises and institutions have begun to understand the importance of having a strong security framework to save themselves from an external attack by a cybercriminal. However, they tend to overlook the internal vulnerabilities that can prove to be very damaging to their reputation and business if exploited by the bad guys," Sharma told IANS.

Regular network and server evaluation, proactive detection of zero-day vulnerabilities and patching them immediately, launching attractive bug-bounty programmes and promptly informing the users of a potential leak are some of the "mandatory steps that large enterprises and institutions should follow in order to stay away from cybercriminals and save their reputation," he added.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
January 4,2025

Mangaluru: In a shocking case of fraud, six individuals posing as officials from the Enforcement Directorate (ED) swindled a beedi businessman of Rs 25 to 30 lakh in cash and five mobile phones at Kolnad in Bantwal taluk of Dakshina Kannada on Friday night.

The incident came to light after Mohammed Iqbal, 27, lodged a complaint with the police, stating that his father, a beedi trader, was targeted by the imposters.

According to the complaint, the six accused arrived at the businessman’s residence around 8:10 pm in a car with Tamil Nadu registration plates. Claiming to be ED officials, they announced that they had orders to search the house and began confiscating mobile phones from the family members.

The fraudsters reportedly discovered Rs 25 lakh to Rs 30 lakh in cash, which the businessman had kept aside for business purposes. They claimed that keeping such a large amount was illegal and threatened to arrest him unless he complied. By 10:30 pm, the group left the house, instructing the businessman to submit documents at the ED office in Bengaluru to reclaim the money.

Later, upon discussing the incident with his family, Iqbal realized that the individuals were not ED officials but fraudsters who had impersonated authorities to rob them.

A case has been registered at Vittal Police Station under relevant sections of the Indian Penal Code. An investigation is underway, and the police have promised swift action to apprehend the culprits.

Dakshina Kannada Superintendent of Police Yathish N, along with senior officers, visited the crime scene and assured the family that the perpetrators would be brought to justice at the earliest.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
January 14,2025

ashokavijayendra.jpg

Bengaluru: The BJP on Tuesday accused the police of "framing" an innocent person in the cow attack case in Chamarajapet here and demanded a fair investigation into the incident.

Sheikh Nasru (30), a native of Champaran in Bihar, has been arrested for allegedly slashing the udders of three cows on Sunday.

The matter escalated into a communal controversy after the saffron party threatened to observe 'Black Sankranti' if the culprits were not arrested before the festival.

The party has since emphasised that the actual perpetrators must be apprehended.

Addressing media here, BJP state president B Y Vijayendra said, "There are claims that an innocent man has been falsely implicated and is being projected as the culprit."

Leader of Opposition R Ashoka also raised doubts about the investigation, questioning how a mentally unstable man could work at the firm for a decade.

Ashoka noted that the incident occurred at the veterinary hospital, which spans four acres.

He alleged that the hospital was recently declared Waqf property and claimed that Karna, the owner of the injured cattle, had opposed the Waqf Board’s decision, suggesting this opposition might have led to the incident.

The party leaders led by Vijayendra and Ashoka celebrated 'Sankranti' by offering special prayers to cows at the spot where the attack took place.

Meanwhile, state Home Minister G Parameshwara dismissed the opposition charges and said the police were investigating the case without any bias.

"If the investigation reveals the involvement of more people, then police will not spare them," he told reporters here.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
January 14,2025

Udupi: Karnataka Kreedakoota-2025, a sports event organised by the Youth Empowerment and Sports Department, Karnataka Olympic Association, and the District Administration, will be held in Udupi and Dakshina Kannada districts from January 17 to January 23.

The event will feature 1,373 athletes participating in a variety of sports, including kayaking, canoeing, archery, cycling, wrestling, boxing, hockey, lawn tennis, table tennis, Kabaddi, Judo, and athletics.

Deputy Commissioner Vidya Kumari K addressed a press conference on Monday, providing details about the events in Udupi and Dakshina Kannada.

According to her, while volleyball, basketball, and swimming competitions will take place in Dakshina Kannada, events like kayaking and canoeing will be held in Brahmavara’s Swarna River, and archery will take place at the MJC Ground in Manipal.

Marena Sports Complex in Manipal will host lawn tennis and table tennis matches, she added.

The opening ceremony will take place on January 17 in Mangaluru and Chief Minister Siddaramaiah will be inaugurating the event.

The closing ceremony will be held in Udupi on January 23, with Governor Thaawarchand Gehlot and Home Minister G Parameshwar attending.

The district administration, in collaboration with Manipal Academy of Higher Education (MAHE), Manipal, has made provisions for accommodation and food for the participants, said the DC.

She also said the synthetic track at the Mahatma Gandhi District Stadium in Ajjarakad is undergoing repair work after its 10-year durability period ended in 2023, to provide athletes better infrastructure.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.