GUWAHATI: India based payment aggregator, Juspay, has acknowledged that it suffered a data breach which has put payment records of more than 3.5 crore users available on dark web for sale.
The breach took place on August 18, 2020. However, the company had issued a clarification in the blog post only after entrepreneur and internet security researcher, Rajshekhar Rajaharia, spotted the data being sold on the dark web.
Datastore of Juspay, a Bengaluru-based start-up, was compromised in August 2020 resulting in the breach of over 3.5 crore records.
A partner for some of the leading merchants including Amazon, Swiggy, MakeMyTrip, Yatra, Freecharge, BookMyShow and Snapdeal, amongst others, Juspay processes around 6,50,000 transactions per day.
While the screenshots available on the web have the cardholders' details such as bank name, last four digits of the card, expiry month and year, amongst others, Juspay claims that 3.5 crore records with masked card data and card fingerprint which are non-sensitive information were breached.
Juspay also claims that no CVV, PINs or passwords are stored by the company and hence this data was not compromised.
(Inputs from agencies)