A cyber vulnerability warning, Malicious actors with access to KYC data may be able to undertake targeted attacks such as financial fraud, identity theft, extortion, and impersonation. According to CVL, the vulnerability has been mitigated.
A cyber vulnerability warning, Last Wednesday, a group of cyber security experts identified a significant security flaw in. CDSL Ventures Limited (CVL), a Sebi-registered KYC registering agency, which they claimed could be exploited for unauthorised access to sensitive personal and financial data of investors.
CVL is a completely owned subsidiary of Central Depository Services Limited, India’s largest securities depository. It allows for the centralised storage and protection of investor data, as well as completely digitised. KYC services for market intermediaries and the storage of information on over 4 crore investors.
Protection Centre, and CERT-In, both of which are part of the Ministry of Electronics and Information Technology (MEITY).
“Our researchers discovered an authorisation vulnerability in one of the. APIs (application program interfaces) that allowed anyone capable of launching a malicious attack to retrieve extremely sensitive personal and financial information of around. 4.39 crore investors who have obtained market securities KYC since 2005,” said Himanshu Pathak, founder of CyberX9, a Chandigarh-based cyber security consultancy.
“CDSL would like to clarify that there has been no security issue or data breach at. CDSL,” a CDSL representative stated in an email on Tuesday when reached. CVL, on the other hand, received a vulnerability alert on its website, which has subsequently been fixed. At CVL, there has been no data breach.” Emails to SEBI, NCIIPC, and CERT-In seeking feedback went unanswered.
Investor KYC for market securities involves extended personal and financial data points — name, addresses, gender,
Due to the authorization vulnerability, all of the following information was accessible until October 25: marital status, PAN, email, annual income, net worth, Demat account number, broker data, client ID, and so on.
Malicious actors with access to KYC data may be able to undertake targeted attacks such as financial fraud, identity theft, extortion, and impersonation. On a more general level, this dataset might be utilized to destabilize the stock market via targeted misinformation operations.
Click here: Ram Slam fixing case: CSA’s ACSU officer denies racial discrimination
Read more about: Smriti Mandhana says “WBBL experience will definitely count playing for India” in T20 World Cup
Visit also: At the Ambassadors’ round table, Rajnath Singh lays forth the DefExpo ideas.