Allegedly stemming from malware planted in the systems of Hitachi Payment Services, the cyber breach affected the State Bank of India (SBI), HDFC Bank, ICICI Bank, YES Bank, and Axis Bank.
"Our internal monitoring mechanism identified such a threat recently and all steps have been undertaken to neutralize the same," Axis Bank said in a statement.
"As a responsible financial institution, we proactively communicate potential threats to the regulator."
The National Payments Corporation of India (NPCI) is investigating the matter.
"Though most of the suspected fraudulent transactions happened in the Visa and MasterCard network, we thought a whole forensic audit of the entire network will help us find out where the compromise happened," reads a statement from NPCI, according to the Economic Times.
Roughly 2.6 million of the affected debit cards are believed to be Visa or MasterCard, while the remaining 600,000 are on the RuPay platform.
The NPCI statement adds that "we have received complaints from banks about debit cards being used in China which aroused suspicion."
SBI said it would reissue 600,000 debit cards.
"Based on the complaints we have received, we are suspecting a compromise on the non-SBI ATM network which could include various white-label ATM service providers," the bank’s chief information officer, Mrutyunjay Mahapatra, told the Economic Times.
"Therefore, as a precautionary measure, we have blocked six lakh debit cards. We have assured customers that there has not been any breach on the ATM network of SBI."
A separate cyberattack occurred in July, when an offshore account belonging to the state-run Union Bank of India Ltd. was hacked. The bank managed to prevent a transfer of funds, however.