Retail broking firm Upstox suffered a massive data breach affecting the personal data of 2.5 Mn of its customers, according to several media reports on Sunday (April 11, 2021). Thereafter, the company admitted that earlier claims about the data breach were right and it has since strengthened its cybersecurity systems.
According to cybersecurity researcher Rajshekhar Rajaharia, 2.5 Mn users were affected and 56 Mn KYC data files were leaked — including email, date of birth, passport, PAN, etc. — by hacker group ShinyHunters.
The hacking group is rumored to have been behind multiple data breaches of Indian startups over the past one year such as Dunzo, BigBasket, JusPay, ChqBook, among others.
“We have upgraded our security systems manifold recently, on the recommendations of a global cyber-security firm. We brought in the expertise of this globally renowned firm after we received emails claiming unauthorized access into our database. These claims suggested that some contact data and KYC details may have been compromised from third-party data-warehouse systems,” said the company on its blog.
The Upstox data leak comes at a time when cybersecurity breaches seem to have picked pace in the past few months — from the data leak of 100 Mn Mobikwik users to 500 Mn+ Facebook users (of which 6 Mn were Indian accounts) to over500 Mn LinkedIn users.
In one of the biggest data breaches in India, in March, Gurugram-based fintech company MobiKwik was rocked by the allegations of data of over 100 Mn users being leaked. The allegation that was repeatedly denied by the company also led to a warning by the RBI who ordered an external auditor to conduct a forensic audit on the breach.
Last week, Microsof ..