The Security and Exchange Board of India, shortly known as SEBI, is in news for all wrong reasons as two of its business subsidiaries are caught in a data scandal leading to the leak of information related to more than 40m customers.
Inquiries made by Cybersecurity Insiders have revealed that two of the SEBIās business arms named Central Depository Services Limited (CDSL) Ventures LTD and CDSL failed to protect the information of their users respectively, leaving the data exposed to hackers for a week.
Cybersecurity Startup CyberX9 made a discovery on October 29th,2021 that a software vulnerability could a have left the stored exposed to hackers that includes sensitive information such as PAN card numbers, Aadhaar card details, names, contact numbers, contact email addresses, income range, fatherās name and dobs of various individuals seeking services of SEBI.
In two instances, researchers from CyberX9 alerted CDSL ventures about the vulnerability on its database that could expose data to unwanted individuals. However, the IT staff of CSDL took a bit more time than usual to fix the issue, leaving the server exposed online for several days. So, there is a good amount of chance that the exposed server could have acted as a gold mine for those launching phishing and identity theft attacks.
CERT-In and National Critical Infrastructure Protection Centre- NCIIPC have taken a note of the data breach that could lead to serious consequences in near future.
Note– CDSL is a SEBI Registered central repository and CDSL Ventures LTD acts as a KYC registering agency backed by SEBI.
