Over 43 million investors’ data exposed in CVL security breach: Report

By Nikita Chaurasia  Date: 2021-11-08


CDSL Ventures Ltd. (CVL), a subsidiary of India’s leading Demat services provider Central Depository Services Limited (CDSL), had a vulnerability in its systems that exposed the personal and financial information of about 43 million Indian investors twice in 10 days, as per CyberX9.

Cybersecurity startup CyberX9 reported the vulnerability to CDSL on 19th October; the securities depository took 7 days to fix it.

According to CyberX9's blog, the various data types exposed include investor name, email address, income range, phone number, PAN, father's name, date of birth, and other personal information.

For the uninitiated, CDSL is a government-registered share depository responsible for managing investor accounts on the National Stock Exchange (NSE), Bombay Stock Exchange (BSE), and other stock exchanges. CVL, in turn, is a KYC (know your customer) registration agency. Both entities are registered with SEBI (Securities and Exchange Board of India).

Himanshu Pathak, Founder and MD of CyberX9, described the exposed data in the CDSL vulnerability as a virtual gold mine for scammers, phishers, and malicious actors aiming to spread misinformation to manipulate Indian share markets.

Pathak also mentioned that two government entities, NCIIPC (National Critical Information Infrastructure Protection Centre) and CERT-In (Indian Computer Emergency Response Team), accepted their vulnerability report for CDSL.

The cybersecurity researchers at CyberX9 stated that they verified the fix before publication, and it was no longer exploitable. On October 29th, however, their research team discovered, in just a few minutes, an easy and full bypass for the initial fix that CDSL had implemented to address the previously reported vulnerability.

The Chandigarh-based security firm mentioned the vulnerability was not highly complex the second time their team discovered it. They believe that the attackers have already stolen the data, and the government must conduct an impartial security audit of CDSL.

Source Credit: https://www.moneycontrol.com/news/technology/data-breach-at-cdsls-kyc-arm-exposed-4-39-crore-investors-data-twice-within-10-days-cyberx9-7687271.html
