Retail company Upstox warned customers of security breaches including KYC’s contact details and customer information, but assured users that their funds and security remained secure. The development comes after reports of data breaches in organizations such as MobiKwik, Facebook and LinkedIn.
“In the wake of emails claiming unauthorized access to our database, we have appointed a leading international security company to investigate potential breaches of certain KYC data stored in third-party storage systems.” “This morning, the criminals posted a sample of our information on a dark web,” a company spokesman said in a statement.
The spokesman added that as a practical measure, the company has introduced a number of security enhancements, especially in third-party storage areas, 24 × 7 real-time monitoring and the installation of additional telecommunications. “With extreme caution, we have also started resetting a secure OTP password for all Upstox users. Upstox takes the security of customers seriously.
“The finances and security of all Upstox customers are protected and kept safe. We have also reported the incident to the relevant authorities,” the spokesman said. The spokesman went on to say that at the moment, “we do not know exactly how many customers have their data disclosed”.
Upstox, backed by investors such as Tiger Global and Ratan Tata, has more than three million users. On the company’s website, Upstox founder and CEO Ravi Kumar said customer finances and security are protected and remain safe. On the company’s website, Upstox founder and CEO Ravi Kumar said customer finances and security are protected and remain safe.
Funds can only be transferred to your linked bank accounts and your security is secured at the appropriate deposit. “We need to be vigilant with OTP. During this time, we have intensified our plans,” he said.
He also added that the company blocked access to the affected database, and added multiple security enhancements to all data-parties. The company has also strengthened its bug bounty program to encourage ethical hackers to press test their systems and processes and help them identify any shortcomings from time to time.
The company urged customers to always use different passwords that are different from older versions and do not share OTPs with anyone. It also urged customers to be aware of online fraud and double check the validity of the links with senders, monitor the OTPs they have requested and notify service providers at such events.