New Delhi: In what could be termed as a major data and privacy issue, around 11 crore users of Mobikwik face potential data breach.


COMMERCIAL BREAK
SCROLL TO CONTINUE READING

As per reports in the media, the KYC details of the digital wallet company that usually includes PAN card, Aadhaar card, debit/credit cards, phone numbers among several personal details, have been leaked online and is up for sale on the dark net.


In February this year, independent security researcher Rajshekhar Rajaharia had claimed that personal data of about 11 crore Mobikwik users, 
probably the largest KYC data breach, had been compromised and were up for sale on the darknet. But the claim was completely denied by the company then.



Meanwhile, renowned French cybersecurity expert Elliot Anderson also known as Robert Baptiste has backed Rajaharia data breach claim.



The volume of the data leak on the dark web amounts to 8.2 TB of data. Media reports further said that a seller who has set the data on sale in the darknet is seeking 1.5 Bitcon (approximately Rs 63 lakh) for deleting the leaked data.


Meanwhile, a MobiKwik spokesperson told Zee Media, “As a regulated entity, the company takes its data security very seriously and is fully compliant with applicable data security laws. The company is subjected to stringent compliance measures under its PCI-DSS and ISO Certifications which, includes annual security audits and quarterly penetration tests to ensure security of its platform." 


"As soon this matter was reported, the company undertook a thorough investigation with the help of external security experts and did not find any evidence of a breach. The company is closely working with requisite authorities on this matter, and considering the seriousness of the allegations will get a third party to conduct a forensic data security audit. For its users, the company reiterates that all MobiKwik accounts and balances are completely safe,” the spokesperson added.