CDSL Fixes Vulnerability That Exposed Personal, Financial Data Of 4.39 Cr Investors

CDSL Fixes Vulnerability That Exposed Personal, Financial Data Of 4.39 Cr Investors

SUMMARY

The exposed data includes sensitive personal details of investors including their complete addresses

It also included financial details such as the annual income tax return filed, income estimates, net worth, demat account number and more

This is the second instance of vulnerability in CDSL databases reported within the last month

In yet another glaring cybersecurity issue that has raised alarms in the tech world, CDSL Ventures (CVL), a subsidiary of stock broking accounts provider CDSL or Central Depository Services Ltd, was found to be storing personal and financial data related to 4.39 Cr investors in India in an unsecured manner.

This is the second instance of vulnerability in CDSL databases reported within the last month. Both were reported to the company by Chandigarh-based cybersecurity startup CyberX9, and have now been fixed after an audit, as per CVL.

It must be noted that while data was exposed, it is not clear whether it was accessed by unauthorised parties. CVL is involved in KYC-related work for CDSL, which manages demat or stock broking accounts for millions of stock market investors in India. While India also has the National Securities Depository Limited (NSDL), CDSL is by far the largest player with 70% market share.

The exposed data is said to include sensitive personal details of investors including their full name, PAN details, gender, marital status, father/spouse’s full name, complete date of birth, nationality, all addresses, contact numbers, email IDs, occupation details and more.

More worryingly, it also included some financial details such as the annual income tax return filed, income estimates, net worth, demat account number, broker name, and CDSL client ID, which is used by stock broking firms. The data is said to date back to around 2005.

“CVL had received a vulnerability alert on the website of CVL which has since been mitigated. We would like to state that CVL took immediate actions to mitigate the vulnerability and have worked proactively to further address any other potential security issues,” CDSL said in press statements, according to news reports.

CyberX9, which reported both vulnerabilities, said the exposed data, “could be a virtual gold mine also for phishers and scammers,” and claimed it was able to find the loopholes very easily, indicating unauthorised parties would have been able to access it without using too many resources.

However, CDSL has responded that no unauthorised access is evident in this case. CVL is one of the largest cybersecurity vulnerabilities, and once again highlights how digital security practices can have an impact on the financial wellbeing of an individual or business.

Earlier this year, IPO-bound fintech company MobiKwik was at the centre of a massive data leak, which exposed the data of over 11 Cr users including merchants who had been using MobiKwik’s services. While MobiKwik has denied that there was any breach, the RBI is conducting an inquiry into this matter even as the company pushes for a public listing.

Besides this, Pine Labs was also caught in a potential data leak earlier this year, when 50,000 unique records from its user base were exposed, while sensitive personal data of users related to over 18 Cr orders from pizza chain Domino’s India appeared on the dark web in May.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
Unlock The Ultimate Startup Intelligence With Inc42 Plus

Join 10,000+ Startup Founders & Leaders And Gain The Ultimate Startup Edge

Prices Increases In
countdownmail.com
2 YEAR PLAN
₹19999
₹5999
₹249/Month
UNLOCK 70% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹3499
₹291/Month
UNLOCK 65% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

CDSL Fixes Vulnerability That Exposed Personal, Financial Data Of 4.39 Cr Investors-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

CDSL Fixes Vulnerability That Exposed Personal, Financial Data Of 4.39 Cr Investors-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

CDSL Fixes Vulnerability That Exposed Personal, Financial Data Of 4.39 Cr Investors-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

CDSL Fixes Vulnerability That Exposed Personal, Financial Data Of 4.39 Cr Investors-Inc42 Media
CDSL Fixes Vulnerability That Exposed Personal, Financial Data Of 4.39 Cr Investors-Inc42 Media
You’re in Good company