Juspay Says Customers’ Card Details, Passwords Secure After Data Breach

Payment processor Juspay on Tuesday said the data compromised during the breach did not contain any transaction information, and customers' card numbers and passwords remain secure.

Juspay faced a cyberattack on Aug. 18 last year. While reports suggested that data of 10 crore cardholders was breached, the company termed these as "grossly inaccurate".

In a blogpost, Juspay said the breach was restricted to an isolated system containing non-sensitive masked card, primarily used for display purposes on merchant UI and cannot be used for completing a transaction.

"All of the customers' full card numbers, order information, card PINs, or passwords are secure. The compromised data does not contain any transaction or order information," it added.

The company said it is in close contact with the relevant government authorities and the Reserve Bank of India regarding this matter.

"About 3.5 crore records with masked card data and card fingerprint (which is non-sensitive information) were breached...A part of user metadata in our system which has non-anonymised, plain-text e-mail IDs and phone numbers got compromised," it said, explaining the impact of the breach.

The masked card data is used for display purposes on merchant UI and cannot be used for completing a transaction, it added.

Juspay said one of its isolated storage systems was attacked on Aug. 18, 2020 and a security audit conducted immediately after the incident isolated the cause to an unrecycled access being compromised.

The company said its merchant partners were informed of the cyberattack and it worked with them to take various precautionary measures to safeguard information.

Juspay said it has further tightened various internal systems access control protocols, limiting resource access.

"We are engaged with threat intelligence experts and have invested in enhanced threat monitoring tools," it added.