BW CFO World
Community for Finance Professionals, Consultants and allied businesses
data security
November 8, 2021

Info Of 4.39 Cr Investors Exposed Twice Within 10 Days Due To Data Breach At CDSL’s KYC Arm: CyberX9

Urvi Srivastava Credit & Capital breach, CDSL, CyberX9, data, KYC, SEBI

A vulnerability at a CDSL subsidiary, CDSL Ventures Limited (CVL), has exposed the personal and financial data of over 4 crore Indian investors twice in a period of 10 days, according to cyber security consultancy startup CyberX9. Central Depository Services (India) Limited (CDSL) is a SEBI-registered depository, and CDSL Ventures Ltd is a KYC registering agency separately registered with the Securities and Exchange Board of India (SEBI).

CDSL said that CVL has taken immediate action and the vulnerability has been mitigated now.

According to CyberX9, it reported the vulnerability to CDSL on October 19, and the securities depository took around 7 days to fix an issue that could have been resolved immediately.

“We verified the fix before publication and it was no longer exploitable. Later, on October 29th, our research team got to work again and within a couple of minutes they found an easy and complete bypass for the fix that CDSL implemented to patch the earlier reported vulnerability.

“CERT-In and NCIIPC also accepted our vulnerability report for CDSL,” CyberX9 Founder and Managing Director Himanshu Pathak told PTI.

The exposed data includes investors' names, phone numbers, email addresses, PAN, income range, father's name, date of birth, etc., CyberX9 said in its blog.

When contacted, CDSL said that there has been no security issue or data vulnerability at CDSL.

“CVL had received a vulnerability alert on the website of CVL which has since been mitigated. We would like to state that CVL took immediate actions to mitigate the vulnerability and have worked proactively to further address any other potential security issues,” CDSL said.

Both entities, CDSL and CVL, as separate entities regulated by SEBI, have a clear arm's length relationship, CDSL said.

CyberX9 said that the vulnerability was not highly complex the second time its team discovered it.

“We strongly suspect that the data might have already been stolen by malicious attackers. There is a need for a fair security audit of CDSL by the government,” the CyberX9 blog said.

The Chandigarh-based cyber security startup said that the information exposed by CDSL could be a virtual gold mine for phishers and scammers involved in the so-called business of e-mail compromise, who often impersonate brokers, banks, and businesses in a bid to trick individuals and companies into transferring funds to fraudsters.

“Armed with such access to CDSL KYC data, phishers and scammers would have an endless supply of compelling scamming templates for calls and emails to use. A database like this would also give fraudsters a constant feed of new investors getting KYC to target them,” CyberX9 said.

Sensitive personal and financial data exposed to massive numbers of people can lead to financial fraud and identity theft, and can expose the affected individuals to extortion, targeted attacks, etc.

(PTI)

Urvi Shrivastav
