The Union Finance Ministry sought information from the Indian Banks Association about the implications of a security breach at a payment services provider that manages ATMs for a private-sector bank, The Indian Express reported on Friday. Banks have also blocked more than 32 lakh debit cards as a pre-emptive measure to prevent monetary and data theft.

Nineteen banks and 641 customers had complained of fraudulent withdrawals amounting to Rs 1.3 crore, the National Payments Corporation of India said. “Necessary corrective actions have already been taken and hence there is no reason for bank customers to panic,” NPCI Managing Director AP Hota said. “[The] Advisory issued by NPCI to banks for re-cardification is more as a preventive exercise.”

While bankers have pointed towards a malware-related breach in the systems of Hitachi Payments Services between, the company said an audit conducted in September did not suggest any such event. “The final report is expected by mid-November,” said HPS Managing Director Loney Antony.

Meanwhile, banks and payment gateways such as Yes Bank and Mastercard said they were cooperating with investigators and reviewing their own systems for evidence of a breach. “We will be reimbursing all the customers who have lost their money within a week, and we are talking to other banks to sort out how to reimburse or collect money from them,” a banker said, according to The Economic Times.

The breach, which is being touted as the biggest in India, took place between May and July, and could have affected up to 3.2 million people. The banks affected include Axis Bank, HDFC Bank, ICICI Bank, State Bank of India and Yes Bank. The Payments Council of India ordered for a forensic audit of bank servers and systems to detect the origin of fraud. The Reserve Bank of India said that it was also investigating the matter.

The breach came to fore only after several customers complained to banks that their cards had been used in China at various ATMs and point of sale terminals.