1. Home
  2. Bengaluru-based 'JusPay' refutes 10 cr card data breach claim, says only 3.5 cr users' info leaked

Bengaluru-based 'JusPay' refutes 10 cr card data breach claim, says only 3.5 cr users' info leaked

Agencies
January 6, 2021

Bengaluru, Jan 6: Bengaluru-based digital payments gateway JusPay on Tuesday clarified that about 3.5 crore records with masked card data and card fingerprint were compromised by a hacker and the claim of 10 crore cardholders' data being affected is “incorrect". Responding to claims made by independent cyber security researcher Rajshekhar Rajaharia on Sunday that data of nearly 10 crore credit and debit card holders in the country is being sold for an undisclosed amount on the Dark Web -- leaked from a compromised server of Juspay, the company said in a fresh statement that none of its merchants and their customers are at any risk.

"The masked card data is used for display purposes on merchant UI and cannot be used for completing a transaction. A part of user metadata in our system which has non-anonymised, plain-text email IDs and phone numbers got compromised," the company informed.

"On August 18, 2020, an unauthorised attempt on our servers was detected and terminated when in progress," it added.

According to JusPay, no full card numbers, order information, card PINs and passwords were leaked.

"We conducted a thorough audit on the day of the incident which confirmed that our 'Secure Data Store' which hosts the 16-digit encrypted card numbers was not accessed and remains secure. The cyberattack was identified in an isolated/separate system," JusPay elaborated.

"We can confirm that the compromised data does not contain any transaction or order information, as the intrusion was terminated before such an access."

Rajaharia had told IANS that the data was being sold on the Dark Web for an undisclosed amount via cryptocurrency Bitcoin.

"For this data, hackers are also contacting via Telegram," he said, adding that if the hackers can find out the Hash algorithm used to generate the card fingerprint, they will be able to decrypt the masked card number.

"In this condition, all 10 crore cardholders are at risk," Rajaharia noted.

JusPay said that it has made significant investments in security and data governance and its policies are aligned to globally accepted data protection standards.

"We did identify gaps in some of the older access keys and moved them to non-access key-based authentication supported by hosting providers. We have also made two-factor authentication (2FA) mandatory for all the tools accessed by our teams," the company said.

According to Saurabh Sharma, Senior Security Researcher (GReAT), Kaspersky (APAC), data leaks due to internal vulnerabilities has become a common instance in India, especially in the last two years.

"Enterprises and institutions have begun to understand the importance of having a strong security framework to save themselves from an external attack by a cybercriminal. However, they tend to overlook the internal vulnerabilities that can prove to be very damaging to their reputation and business if exploited by the bad guys," Sharma told IANS.

Regular network and server evaluation, proactive detection of zero-day vulnerabilities and patching them immediately, launching attractive bug-bounty programmes and promptly informing the users of a potential leak are some of the "mandatory steps that large enterprises and institutions should follow in order to stay away from cybercriminals and save their reputation," he added.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
February 1,2026

Golf.jpg

The coastal city of Mangaluru is gearing up for a major sporting milestone with the launch of a Golf Excellence Academy at the Pilikula Golf Club (PGC), scheduled to open on May 31. The initiative aims to position Mangaluru firmly on India’s national golfing map.

Speaking to reporters on Saturday during PGC’s first-ever floodlit Pro-Am tournament, club captain Manoj Kumar Shetty said the project is being funded by UAE-based philanthropist Michael D’Souza and is currently in the design phase. Experts from leading golf academies across the country are expected to visit Mangaluru to help shape the training programme and infrastructure.

The academy will train 20 young golfers at a time, with a long-term vision of producing national-level players from the region. Until now, PGC relied on an in-house coach, but the recent renovation of the course and the introduction of floodlights have opened new possibilities for expanding the sport.

Shetty said discussions are underway with two reputed coaching academies, whose heads are expected to visit PGC shortly. “A dormitory for trainers is already under construction. We are inviting academies to assess the facilities and suggest changes so we can build a truly world-class Golf Excellence Academy,” he said.

Professional golfer Aryan Roopa Anand noted that the floodlit course would be a game-changer for young players. “Students can now practise after school hours, even up to 8 or 9 pm, without compromising on academics,” he said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.