MobiKwik still under RBI scanner after alleged data breach in February: RTI

The incident which allegedly compromised sensitive user data has continued to haunt the IPO-bound fintech unicorn.

MobiKwik, which allegedly suffered a data breach earlier this year, is still under the Reserve Bank of India’s scanner. The payment startup has submitted its third-party forensic audit report to the financial regulator, and the report is currently being examined by the RBI, an RTI response revealed.

In the RTI filed by independent security researcher Srinivas Kodali and seen by MediaNama, RBI was asked what action had been taken with regard to the cyber security incident. RBI replied, “The forensic audit report submitted by the entity is under examination.”

Meanwhile, RBI also declined to disclose information regarding the number of security incident reports that it received in 2021. “As the disclosure of the requested information would impact customer confidence on payment systems thereby affecting the economic interests of the State, the same is exempt from disclosure under Sec 8(1)(a) of the RTI Act, 2005.”

Instances of data breaches leading to personal data being sold on the dark web are increasing year-on-year even as India’s Data Protection Bill is still in the works. Without a data protection authority, there is regulatory ambiguity in terms of who should respond to and investigate such breaches.

What exactly happened with MobiKwik?

In February, cybersecurity researcher Rajshekhar Rajaharia alleged that sensitive data belonging to millions of cardholders and users stored on MobiKwik’s servers was compromised and that it was put up for sale online. In April, PTI reported that RBI had ordered a third-party forensic audit into allegations of the data breach.

The data dump, around 8.2 terabytes, allegedly included sensitive financial information of MobiKwik users and more:

  • 36 million files containing KYC information belonging to 3.5 million people
  • Around 7.5 TB worth of KYC data pertaining to over 3 million merchants on MobiKwik’s network
  • Total of 350 GB of MySQL dumps that include 500 databases
  • 99 million users’ phone numbers, emails, hashed passwords, addresses, bank accounts, and card details
  • Over 40 million card details, up to 10 digits, have also been leaked with month, year, and card hash data

Forensic audit clearing MobiKwik came with a disclaimer

In July, MobiKwik, in its draft red herring prospectus (DRHP), said it had taken cognisance of reports of a data breach.

“Following such media reports, we engaged an independent digital forensic audit expert to conduct an audit relating to these allegations. The forensic audit expert subsequently reported that based on the analysis of logs/ data provided to them, there was no unauthorised access from outside of our Company’s infrastructure or internally to the database server wherein customer data is stored, during the review period” — MobiKwik in its DRHP

However, there were some caveats. MobiKwik said that the forensic audit expert’s report was subject to the following limitations:

  • It was limited to a virtual walkthrough of its systems
  • Employee devices were not analysed
  • The review was based on logs made available by the platform
  • Certain non-mandatory logs were not available for audit

“In addition to the recent incident, in 2010, when we were operating at a relatively smaller scale, a hacker had gained unauthorized access to our operating systems, which resulted in certain disruption in our operations,” the payments startup said.


© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
