Over 43 million investors’ data exposed in CVL security breach: Report

By Nikita Chaurasia  | Date: 2021-11-08

Over 43 million investors’ data exposed in CVL security breach: Report

CDSL Ventures Ltd. (CVL), a subsidiary of India’s leading Demat services provider Central Depository Services Limited (CDSL), greatly suffered from a vulnerability in its systems that exposed personal and financial information of about 43 million Indian investors twice in 10 days, as per Cyber9X.

Cybersecurity startup CyberX9 reported the vulnerability to CDSL on 19th October, which the securities depository took 7 days to fix.

According to CyberX9's blog, the various data types exposed include investor name, email address, income range, phone number, PAN, father's name, date of birth, and other personal information.

For the uninitiated, CDSL is a government-registered share depository responsible for managing investor accounts on the National Stock Exchange (NSE), Bombay Stock Exchange (BSE), and other stock exchanges. Whereas, CVL is a KYC (know your customer) registration agency. Both the entities are SEBI (Securities and Exchange Board of India) registered.

Himanshu Pathak, Founder and MD of CyberX9, described the exposed data in the CDSL vulnerability as a virtual gold mine for scammers, phishers, and malicious actors aiming to spread misinformation to manipulate Indian share markets.

Pathak also mentioned that two government entities NCIIPC (National Critical Information Infrastructure Protection Centre) and CERT-In (Indian Computer Emergency Response Team), accepted their vulnerability report for CDSL.

The cybersecurity researchers at CyberX9 stated that they verified the fix before publication, and it was no longer exploitable. On October 29th, their research team discovered an easy and full bypass for the initial fix that CDSL implemented to address the previously reported vulnerability in just a few minutes.

The Chandigarh-based security firm mentioned the vulnerability was not highly complex the second time their team discovered it. They believe that the attackers have already stolen the data, and the government must conduct an impartial security audit of CDSL.

Source Credit-

https://www.moneycontrol.com/news/technology/data-breach-at-cdsls-kyc-arm-exposed-4-39-crore-investors-data-twice-within-10-days-cyberx9-7687271.html

About Author

Nikita Chaurasia     aeresearch.net

Nikita Chaurasia

An accomplished professional in the field of content development, playing with words comes naturally to Nikita Chaurasia. After completing her post-graduate MBA degree in Advertising and PR, Nikita worked across numerous content-driven verticals, undertaking diverse r...

Read More

More News By Nikita Chaurasia

Russia denies plans of blocking YouTube & cutting off from the internet

Russia denies plans of blocking YouTube & cutting off from the internet

By Nikita Chaurasia

The Digital Development Minister of Russia has reportedly stated that the country is not planning to block Google’s video streaming platform YouTube as such a move would affect its users and will therefore be avoided.  It is worth notin...

Indian food delivery giant Swiggy to buy Dineout from Times Internet

Indian food delivery giant Swiggy to buy Dineout from Times Internet

By Nikita Chaurasia

Swiggy, an Indian food delivery giant, has recently announced an agreement with Times Internet to buy Dineout, a dining and restaurant technology platform. Swiggy will use the acquisition to enter the dining out (non-delivery) market, where it will c...

Grocery delivery platform Instacart files for U.S. stock market debut

Grocery delivery platform Instacart files for U.S. stock market debut

By Nikita Chaurasia

Instacart, a grocery delivery service, has announced that it has submitted a provisional registration statement with the Securities and Exchange Commission (SEC), clearing the way for the company to list its shares on the U.S. stock exchange. The ...

Tyson Foods improves annual sales outlook as meat prices surge in U.S.

Tyson Foods improves annual sales outlook as meat prices surge in U.S.

By Nikita Chaurasia

American food major Tyson Foods Inc. has reportedly improved its full-year sales outlook after witnessing better-than-expected earnings and revenue in the last quarter. The company raised its full-year sales to around USD 54 billion, above the averag...

EU likely to enforce new rules to regulate tech giants in spring 2023

EU likely to enforce new rules to regulate tech giants in spring 2023

By Nikita Chaurasia

The Executive Vice President of the European Commission Margrethe Vestager reportedly claimed that the union is likely to start enforcing the Digital Markets Act (DMA) in the spring of 2023. The antitrust legislation, which aims to limit the power of...