MobiKwik, which allegedly suffered a data breach earlier this year, is still under the Reserve Bank of India's scanner. The payment startup has submitted its third-party forensic audit report to the financial regulator and is being currently examined by the RBI, an RTI response revealed. In the RTI filed by independent security researcher Srinivas Kodali and seen by MediaNama, RBI was asked regarding the action that has been taken in regards to the cyber security incident. RBI replied,"The forensic audit report submitted by the entity is under examination." Meanwhile, RBI also declined to disclose information regarding the number of security incident reports that it received in 2021. "As the disclosure of the requested information would impact customer confidence on payment systems thereby affecting the economic interests of the State, the same is exempt from disclosure under Sec 8(1)(a) of the RTI Act, 2005." Instances of data breaches leading to personal data being sold on the dark web are increasing year-on-year even as India’s Data Protection Bill is still in the works. Without a data protection authority, there is regulatory ambiguity in terms of who should respond to and investigate such breaches. What exactly happened with MobiKwik? In February, cybersecurity researcher Rajshekhar Rajaharia alleged that sensitive data belonging to millions of cardholders and users stored on MobiKwik's servers was compromised and that it was put up for sale online. In April, PTI reported that RBI had ordered a third-party forensic audit into allegations of the data breach. https://twitter.com/rajaharia/status/1365324943630561281?ref_src=twsrc%5Etfw The data dump, around 8.2…
