RBI Examines IPO-Bound MobiKwik’s 100 Mn Data Breach

RBI Examines IPO-Bound MobiKwik’s 100 Mn Data Breach

SUMMARY

Reports of an alleged data breach of 100 Mn MobiKwik users appeared earlier this year

An RTI filed by a security researcher revealed that the RBI has taken cognisance of the data breach and is examining the forensic audit report

MobiKwik is close to its IPO and is looking to raise INR 1,900 Cr through the public market

IPO-bound digital payments platform MobiKwik, which was involved in a massive data leak earlier this year, is still under scrutiny by the Reserve Bank of India even as it inches closer to its public offering. 

An RTI filed by cybersecurity researcher Srinivas Kodali revealed that the RBI has taken cognisance of the data breach and is examining the forensic report submitted by the startup. 

MobiKwik was alleged to have been hit by a data breach involving more than 100 Mn users earlier this year. The leaked data is said to impact Mobikwik’s customers as well as the merchants that have procured loans from the company.

The leaked database contained user records for 11 Cr Mobikwik users with a whopping 8.2 TB of data. The sellers of the database had set up a dark web portal where anyone could search the impacted users by their phone number or email ID. The database was put up for sale for 1.5 Bitcoin (or roughly $85K).

The data dump was said to contain 350GB of MySQL dumps or 500 databases, 99 Mn email, phone, passwords, physical addresses, IP address, GPS location and device-related data, as well as 40 Mn records of card numbers, expiry dates, card hashes (SHA256 encrypted).

Post reports of the breach, MobiKwik cofounder and CEO Bipin Preet Singh said that MobiKwik cannot be blamed for the data leak and said that there is a possibility that users uploaded their information on multiple platforms leading to the leak. 

He added that MobiKwik would get a third party to conduct a forensic data security audit. The RBI had also ordered the company to conduct a third-party audit of its systems. However, as revealed in the RTI response, the inquiry is still ongoing. 

Following the incident, MobiKwik filed its IPO prospectus in July this year and is seeking to raise INR 1,900 Cr through the public market. The startup is issuing fresh shares worth INR 1,500 Cr and an offer for sale worth INR 400 Cr. SEBI approved MobiKwik’s IPO earlier this month.

In its IPO filings, the startup had allayed fears about the data breach saying that forensic audit experts found no evidence of unauthorised access. The company claimed, “The forensic audit expert subsequently reported that based on the analysis of logs/ data provided to them, there was no unauthorised access from outside of our company’s infrastructure or internally to the database server wherein customer data is stored, during the review period.”  

While the company has claimed that the audit has revealed no discrepancies, it remains to be seen whether the RBI concurs.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

RBI Examines IPO-Bound MobiKwik’s 100 Mn Data Breach-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

RBI Examines IPO-Bound MobiKwik’s 100 Mn Data Breach-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

RBI Examines IPO-Bound MobiKwik’s 100 Mn Data Breach-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

RBI Examines IPO-Bound MobiKwik’s 100 Mn Data Breach-Inc42 Media
RBI Examines IPO-Bound MobiKwik’s 100 Mn Data Breach-Inc42 Media
You’re in Good company