Delay in reporting ATM breach costs YES Bank $1 million penalty


As a fallout of the massive breach of security that happened between May and June 2016 across thousands of its ATMs countrywide, YES Bank has been slapped with a fine of US$1million by India’s Reserve Bank of India.

The charge by the central bank on this constituent bank is essentially for the delay in reporting the breach, caused by a malware injected into the Hitachi servers and went un detected for over 2 months.

Independent auditors who investigated on the breach submitted a report that the malware injection occurred within the Hitachi servers  and went undetected for almost two months in mid-2016.

Hitachi Payment Systems admitted culpability to the glitch caused in the pan-India ATM network of YES Bank, though the confession came much later than the time of the incident.

The mishap had caused 13 nationalized banks in India to recall millions of their Debit Cards, and change of PIN identities, in a damage-control move that cost unnecessary expense of time and money.

Subsequent investigations by National Payments Corporation of India found that cases of illegal withdrawals were limited to 641 customers of 19 banks, and the total amount involved was 13 million rupees ($194,600).

Although the breach occurred sometime in mid-2016, YES Bank failed to report the compromise until September of that year – a clear delay of over two months – which attracted the reprimand from Reserve Bank, and a penalty of one million dollars in equivalent Indian rupees for the fault.

Speaking on behalf of RBI, Jose Kattoor, Chief GM said, “ This action is based on deficiencies in regulatory compliance and is not intended to pronounce upon the validity of any transaction or agreement entered into by the bank with its customers.”


Please enter your comment!
Please enter your name here