2016 Indian bank data breach

The 2016 Indian bank data breach was reported in October 2016. It was estimated 3.2 million debit cards were compromised. Major Indian banks, among them SBI, HDFC Bank, ICICI, YES Bank and Axis Bank, were among the worst hit. The breach went undetected for months and was first detected after several banks reported fraudulent use of their customers’ cards in China and the United States, while these customers were in India.

This resulted in one of the India's biggest card replacement drives in banking history. The biggest Indian bank, the State Bank of India, announced the blocking and replacement of almost 600,000 debit cards.

An audit performed by SISA Information Security reports that the breach was due to malware injected into the payment gateway network of Hitachi Payment Systems.