wordpress blog stats
Connect with us

Hi, what are you looking for?

, ,

Security vulnerability at India’s largest depository exposed sensitive data of investors: Report

CDSL has patched the flaw that was exploited to access a gold mine of investors’ details on more than one occasion.

Source: CyberX9

India’s largest securities depository  Central Depository Services Limited (CDSL) exposed sensitive data of around 4.39 crore investors, cybersecurity firm CyberX9 reported on November 8. CDSL is one of the two SEBI-regulated depositories that hold securities like shares, mutual funds, and bonds in electronic format. Nearly 600 stockbrokers who collectively have over 4 crore investor accounts are associated with CDSL. Although the vulnerabilities that exposed the sensitive data have now been fixed, there are significant ramifications if the data fell into the wrong hands. "We strongly suspect that the data might’ve already been stolen by malicious attackers," CyberX9 said. "There is a need for a fair security audit of CDSL by the government," the firm added. MediaNama has reached out to CDSL for comments and will update this report if we receive a response. Twice in one month On October 19, CyberX9 discovered a critical security vulnerability in CDSL and reported the same to the company. The company reportedly took "7 days to fix the vulnerability while an immediate fix could’ve been done in max two hours," CyberX9 said. Notwithstanding the delay in fixing the issue, CyberX9 on October 29 "found a laughably easy and complete bypass for the fix that CDSL implemented to patch the earlier reported vulnerability." The cybersecurity firm reported the same to CDSL the next day and the vulnerability was fixed on November 1. What personal and financial data were exposed? CyberX9 reported that the exposed data includes sensitive personal details like: Full name Complete PAN No Gender Marital…

Please subscribe/login to read the full story.
Written By

Free Reads

News

Any licensed service provider will be eligible for testing in the regulatory sandbox as principal applicants, provided they meet the conditions laid down for...

News

The FIR has been filed with the Cyber Crime Cell of the Mumbai Police against an undisclosed person under sections of the Indian Penal...

News

Paytm streamlines UPI services, transitioning users from Paytm Payments Bank to four major PSP banks after NPCI green light.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

NPCI CEO Dilip Asbe recently said that what is not written in regulations is a no-go for fintech entities. But following this advice could...

News

Notably, Indus Appstore will allow app developers to use third-party billing systems for in-app billing without having to pay any commission to Indus, a...

News

The existing commission-based model, which companies like Uber and Ola have used for a long time and still stick to, has received criticism from...

News

Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...

News

Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ