Suparna Goswami reports:
The Reserve Bank of India has slapped a $1 million (U.S.) penalty on Yes Bank for failing to promptly notify the central bank of a 2016 data breach of its ATM network. This is reportedly the first such penalty imposed on a bank.
OK, this was a breach of the Yes Bank ATM network, which was managed by Hitachi Payment Services. So Hitachi should have timely notified the bank, who in turn, should have timely notified the central bank.
but listen to the rules, as described by the reporter:
According to RBI notification rules, banks must report breaches within two to six hours of discovery even if a third party is responsible for the incident. “
Yikes.
Read more on BankInfoSecurity.