Stock market broker Upstox in a statement acknowledged a data breach after an independent cybersecurity researcher tweeted that the firm’s customer data was on sale on the dark web. The company has apparently upgraded its security systems now and has assured retail investors that their holdings are safe. While Upstox is yet to confirm the details, it is learnt that the hackers have sought a ransom of $1.2 million (Rs 9 crore) to not publicise the user data. The data of some one lakh Indian investors has already been made public as a warning.

We have reached out to Upstox for comment and will update this post if we receive a response.

The security breach was first reported by Rajshekhar Rajaharia, an independent internet security researcher, who claims that data of some 25 lakh users and 5.6 crores Know Your Customer (KYC) data have been leaked. The leaked user data includes names, birthdates, PAN, passport and photos of user signatures, among other things, Rajshekhar told Medianama.

However, Upstox did not clarify the impact of the data breach in its statement. The broker said it restricted access to the impacted database, enhanced security for third-party data warehouses, separated user data from financial assets, and has set up a real-time monitoring system. It has also initiated a password reset using OTP. “We are further amping up our industry-class bug bounty program to encourage ethical hackers to stress test our systems and protocols and help us identify any vulnerabilities from time to time,”…
