Government of India has admitted that close to 30 lakh debit cards were infected by malware, which threatened financial privacy and security of millions of users last year.
“RBI has informed that Hitachi Payment Services (HPS) appointed SISA Infosec for PCI forensic investigation. The final report suggested that the ATM infrastructure of HPS was breached and the data between May 21 and July 11, 2016, were compromised, but not the POS (point of sale) infrastructure,”.
Till yet only Bank of Maharashtra have came with the UPI fraud, other banks haven't commented. Source says that two more banks have been suffered from UPI fraud but they haven't came up.
An employee of Infrasoft Technologies, which created Bank of Maharashtra’s UPI app said, “We have reported losses from December 1 but we got to know about it on January 18. There is a “collect money” feature on UPI which was used by fraudsters who opened fake accounts using fake SIM cards…The investigation is on and more details should be out soon.”
Source: Trak, Hindustan times, money control