According to Ravi Kumar, co-founder, and CEO of Upstox, the business has limited access to the affected database and implemented numerous security improvements at all third-party data-warehouses.
Upstox, a retail broking company, has notified consumers of a security compromise that exposed client contact information and KYC information but has assured them that their money and assets are secure. The news comes on the wake of allegations of data breaches at MobiKwik, Facebook, and LinkedIn, among others.
“We have hired a prominent international cyber-security company to examine the possibility of a breach of certain KYC data held in third-party data warehouse systems after receiving e-mails alleging unauthorized access to our database. Hackers posted a sample of our data on the dark web this morning “In an emailed statement, a business spokesman stated.
The business has implemented numerous security improvements, especially at third-party warehouses, real-time 24×7 monitoring, and extra network ring-fencing, according to the spokesman. “We’ve also started a secure password reset using OTP for all Upstox users out of an abundance of caution. Upstox is concerned about the safety of its customers.
“All Upstox clients” funds and assets are safeguarded and kept secure. We’ve also informed the appropriate authorities about the event “According to the spokesman. “At this time, we don’t know with confidence the number of clients whose data has been exposed,” the spokesman said.
Upstox has over three million members and is supported by investors such as Tiger Global and Ratan Tata. Upstox co-founder and CEO Ravi Kumar said on the business website that clients’ money and assets are secured and safe.
“Funds may only be transferred to connected bank accounts, and securities are kept by the appropriate depositories.”
We’ve also started a secure password reset using OTP out of an abundance of caution. We’ve also strengthened our processes to the greatest possible levels throughout this period “he said
He went on to say that the firm has limited access to the affected database and has implemented numerous security improvements at all third-party data warehouses. The business has also increased its bug bounty program to encourage ethical hackers to stress-test its systems and procedures on a regular basis and assist it in identifying any flaws.
Customers are advised to use unique strong passwords that are distinct from previous versions and not to share OTPs with others, according to the firm. Customers should be wary of online fraud and double-check the authenticity of links and senders, as well as keep an eye out for OTPs they have requested and notify the service provider if they get one.