SUMMARY
CDSL says there is no reason to believe any confidential information or investor data was compromised
The central depository said that it has isolated the machines and has disconnected itself from other constituents of the capital market
A Google executive had estimated that the country saw 18 Mn cyberattacks and 2 Lakh threats per day in the first quarter of 2022
In an incident that has raised alarm, the Central Depository Services Limited (CDSL) on Friday (November 18) said that it detected malware in a few of its internal machines.
“As per initial findings, there is no reason to believe that any confidential information or the investor data has been compromised,” said CDSL in a regulatory filing.
The central depository said that it isolated the machines after the incident came to light and immediately disconnected itself from other constituents of the capital market. The CDSL website has now been offline for more than 12 hours now.
CDSL said that it has already reported the incident to relevant authorities and was working with cyber security advisors to analyse the impact of the breach.
“Resolution of the incident is in process, subsequent to which settlement activities would be completed,” added the government arm.
Meanwhile, the central depository said that clearing and settlement processes were affected due to the incident, adding that the payout of funds and securities would be delayed.
Founded in 1999, CDSL is the country’s largest securities depository institution that manages Demat or stock broking accounts for millions of stock market investors.
Promoted by banking giants such as the State Bank of India, Bank of Baroda, Axis Bank and HDFC Bank, CDSL maintained and serviced more than 7.34 Cr Demat accounts, as of September. It also catered to 19,301 companies, holding INR 38 Lakh Cr worth of securities in its Demat custody.
Cybersecurity Under Lens
This is not the first time that CDSL has been hit by a cyberattack. In November last year, one of the depository’s subsidiaries, CDSL Ventures, was found storing the personal and financial data of 4.39 Cr Indian investors in an unsecured manner.
A month prior, a cybersecurity firm had discovered another critical security vulnerability in CDSL, which allegedly exposed extremely sensitive personal and financial data of more than 43.9 Mn Indian investors.
Apart from the depository, multiple government arms have also made the headlines for similar reasons. In October, it was widely reported that Chinese government-backed hackers had allegedly targeted India’s National Informatics Centre (NIC) in a cyberattack.
Earlier this year, Chinese cyber attackers allegedly broke into a network of seven power grid hubs in north India, including Ladakh. In the same month, Oil India Limited (OIL) also suffered a major cyberattack where perpetrators demanded $75,00,000 in Bitcoin as ransom.
Last month, messaging platform WhatsApp also had a massive outage that lasted for more than two hours. While the platform blamed it on a technical glitch, it also submitted a report on the matter to the Ministry of electronics and information technology (MeitY).
Such has been the scale that even central leaders have raised alarm over the matter. Earlier, defence minister Rajnath Singh called for a concerted global effort to counter emerging security threats such as cyber attacks and information warfare.
Market watchdog Securities and Exchange Board of India (SEBI) is also purportedly working on a cyber security framework to address issues related to cyber fraud, data leaks and hacking of trading accounts.
Previously, Google estimated that the country saw 18 Mn cyberattacks and 2 Lakh threats per day in the first quarter of 2022. A report estimates that Indian firms lost an average of INR 17.6 Cr in the financial year 2021-22 (FY22) on account of data breaches.
