RBI Orders Third-Party Audit For Mobikwik After Data Leak

RBI Orders Third-Party Audit For Mobikwik After Data Leak

SUMMARY

The 8.2 TB database included personal and financial details of 100 Mn individuals who had signed up to Mobikwik

Mobikwik admitted to the CERT-In that an unauthorised attempt was made on March 1 to access its data

However, the company’s CEO has denied any data breach and shifted the blame to customers

As the controversy around Mobikwik’s alleged data leak continues to linger on, the Reserve Bank of India (RBI) has taken notice of the matter and directed the Gurugram-based payments startup to get a third-party audit done through CERT-In (Indian Computer Emergency Response Team), the cybersecurity agency of the Indian government. Further, the payments company will have to submit the report to the RBI without any delays. 

The development comes after a database of 110 Mn (11 Cr) Mobikwik users was leaked on the dark web in January 2021. The 8.2 TB of database included not only personal and financial details of individual customers but also details of merchants that have procured loans from the company. 

According to a PTI report citing sources within the company, Mobikwik has been following the directive and has been in touch with CERT-In on the matter. The cybersecurity department had shared a data leak sample with Mobikwik, which concluded that the sample did not belong to them. 

However, the company has admitted to the cybersecurity department that an unauthorised attempt was made on March 1 to access Mobikwik’s user-facing application programming interface associated with a payment link generated through its platform. The company had claimed that it had subverted the attempt, but CERT-in was unconvinced and later recommended that RBI conduct a forensic audit. 

As per the PTI report, the hacker group named Jordandaven had shared the data of Mobikwik founders Bipin Preet Singh and Upasana Taku from the database as well.    

Mobikwik, on the other hand, has continued to deny any breach, with CEO Singh also shifting the blame on users. The company has also said that the leak did not come from Mobikwik’s database and threatened to take legal action against the cybersecurity researcher Rajashekhar Rajaharia, who had first exposed the leak. 

“Some users have reported that their data is visible on the darkweb. While we are investigating this, it is entirely possible that any user could have uploaded her/his information on multiple platforms. Hence, it is incorrect to suggest that the data available on the darkweb has been accessed from Mobikwik or any identified source,” Singh said in an official statement released on March 30. He also said that the company would conduct a forensic data security audit. 

Amid the rising cybersecurity threats and breaches in India, the RBI has also been tightening its supervision norms over payments companies storing customer data. All the payment system operators (PSOs) will now have to submit detailed “compliance certificates” to the central bank twice a year from April 1, 2021, onwards. Along with this, the Indian PSOs will also have to submit board-approved system audit report (SAR) by CERT-empanelled auditors.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

RBI Orders Third-Party Audit For Mobikwik After Data Leak-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

RBI Orders Third-Party Audit For Mobikwik After Data Leak-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

RBI Orders Third-Party Audit For Mobikwik After Data Leak-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

RBI Orders Third-Party Audit For Mobikwik After Data Leak-Inc42 Media
RBI Orders Third-Party Audit For Mobikwik After Data Leak-Inc42 Media
You’re in Good company