In a statement, Upstox spokesperson said that the company doesn’t know with certainty the number of customers whose data has been exposed.
Trading app Upstox has alerted customers of a security breach that exposed contact data and KYC details of customers. The retail broking firm assured users that their funds and securities remain safe despite the breach. This comes close on the heels of reports of data breaches at organisations like Facebook, LinkedIn, and MobiKwik. “On receipt of e-mails claiming unauthorised access into our database, we have appointed a leading international cyber-security firm to investigate possibilities of breach of some KYC data stored in third-party data warehouse systems. This morning, hackers put up a sample of our data on the dark web,” a company spokesperson said in an e-mailed statement.
The Upstox spokesperson also said that as a proactive measure, the company has initiated multiple security enhancements, particularly at the third-party warehouses, real-time 24×7 monitoring and additional ring-fencing of its network. “As a matter of abundant caution, we have also initiated a secure password reset via OTP for all Upstox users. Upstox takes customer security extremely seriously. Funds and securities of all Upstox customers are protected and remain safe. We have also duly reported this incident to the relevant authorities,” the spokesperson said.
We have upgraded our security systems in light of recent events around unauthorized database access. Read more: https://t.co/1axNC83CG6
— Upstox (@upstox) April 11, 2021
The spokesperson further said that at this point, “We don’t know with certainty the number of customers whose data has been exposed.” Upstox, backed by investors like Tiger Global and Ratan Tata, has over three million users. In an announcement note on the company website, Upstox co-founder and CEO Ravi Kumar said funds and securities of customers are protected and remain safe. “Funds can only be moved to your linked bank accounts and your securities are held with the relevant depositories. As a matter of abundant caution, we have also initiated a secure password reset via OTP. Through this time, we have also strongly fortified our systems to the highest standards,” he said. Kumar added that the company has restricted access to the impacted database, and added multiple security enhancements at all third-party data-warehouses.