This is an update on the same August’20 incident reported earlier here.
After the breach incident last year, thorough post-mortem audits have been conducted, including an independent PCI Forensic Investigation (PFI) by Verizon.
The PFI audit confirmed that Juspay’s threat mitigation protocols did detect and halt the breach early on. The breach was restricted to an isolated system, limited to masked card information. No other financially sensitive data was accessed.
While Juspay has always followed the industry benchmarks, we understood that the bar is much higher and we have been working towards building a solid security posture.
- We have undertaken a series of containment measures to improve the overall security backbone of our organization. These include tightening security at the end-point, network, cloud and application levels, and implementing the necessary processes to get to a zero-trust model.
- Juspay continues to invest in strong Identity & Access Management with multi-factor authentication for all our systems, advanced end-point protection on cloud and devices, comprehensive encryption of data at rest (GDPR compliance), tighter network restrictions, and multidimensional monitoring & alerting systems for code, cloud and credentials.
- We also deployed tools and experts from internationally renowned organizations including AWS, Palo Alto Networks, PwC and others.
Across the globe, tech-infrastructure companies are being constantly targeted by cyber attackers. Hackers, like the one involved in this case, generally attempt to monetize such illegally obtained data. They try selling it to interested third parties or even demand ransoms. To mitigate such attempts, we are engaged with the relevant government and law enforcement authorities.
This experience has been a humbling one for us and has further motivated us to dig deeper into the ‘first principles of Security and Privacy’. We continue to share the lessons learnt and collaborate with our partners to institute best practices that benefit the entire ecosystem.
You can write to us at firstname.lastname@example.org for any queries.
Thank you 🙏🏻