A data breach at a payment platform Juspay exposed users’ masked card data and card fingerprints
Juspay is a Bengaluru-based start-up, which processes around 650,000 transactions per day partnering with companies such as Amazon, Swiggy, Snapdeal, and MakeMyTrip. The breach, which took place in August 2020, exposed 3.5 crore records, which were then auctioned on the dark web. The company claims that breached information is limited to masked card data and card fingerprints but the screenshots available on the web include more sensitive information such as bank name, last four digits of the car, expiry month, and year of the card. Since no CVV, PINs, or passwords were stored by the company, Juspay claims that no such data had been compromised. After the data breach, Juspay introduced 2-Factor Authentication for all tools in the company and started collaborating with threat intelligence experts to ensure higher security for the future.