India IT watchdog investigating breach in ATM heist
By Swati Pandey and Supantha Mukherjee
MUMBAI/BANGALORE (Reuters) - The Indian government's cyber watchdog is investigating how security at two companies that are part of the country's vast IT services industry was breached in a global ATM heist that saw $45 million stolen from two banks in the Middle East.
EnStage Inc, which operates from Bangalore, and ElectraCard Services, based in the Indian city of Pune, processed card payments for the two banks that were hit in the theft, several people familiar with the situation said.
"We are investigating the technical aspect," Gulshan Rai, director general of the Indian Computer Emergency Response Team (CERT), part of the department of electronics and information technology, told Reuters by phone on Sunday.
"What kind of breach has happened in the system, how did it happen, what processes are in place, and the entire technical aspect we will look at," he said, adding that the agency had started its investigation on Saturday.
U.S. prosecutors said on Thursday that hackers broke into two card processing companies, raising the balances and withdrawal limits on accounts that were then exploited in coordinated ATM withdrawals around the world.
The prosecutors did not name the two companies but said one was based in India and the other in the United States.
While details of what happened are still sketchy, experts said the banks could bring claims against the processing companies in court, or they could file claims with their insurers and those of the processing companies.
According to a U.S. official and a bank employee, who both spoke on condition of anonymity, ElectraCard Services was the company that processed prepaid travel cards for National Bank of Ras Al Khaimah PSC (RAKBANK). RAKBANK suffered a $5 million coordinated heist at ATMs around the world on December 21 last year, according to the U.S. indictment. Continued...