
A vulnerability in the Central Depository Services (India) Limited (CDSL) subsidiary, CDSL Ventures Limited (CVL), exposed the personal and financial information of over 43 million Indian investors online. The data was exposed twice in a 10-day period.

The cybersecurity team first reported the matter to CERT-In and NCIIPC on October 19. It took the organisation almost a week to fix the vulnerability.

Personal information such as full name, entire PAN number, gender, marital status, father's/spouse's full name, date of birth, nationality, complete residential address, complete permanent address, contact number(s), email address, and occupation details was among the data exposed by the security flaw.

According to CyberX9, the problem could have been resolved in two hours. The breach puts investors at risk, since they will almost certainly become targets of phishing attacks in which hackers impersonate brokers, banks, and corporations in order to defraud them of their money. It could also lead to income tax refund scams and even extortion.

“Both times data of people being exposed was of those who did their market securities KYC…Similar to last time, the discovered issue was an authorisation vulnerability in a public CDSL’s KYC API, leading to exposing the massive amount of sensitive data to the whole internet,” CyberX9 reported.
