Data Breach of Indian Brokerage Firm Upstox

April 28, 2021

Upstox, one of the largest discount broking firms, recently suffered a security breach of its systems, resulting in the disclosure of its customers’ sensitive information. Though the exact number is not clear, but data of at least 25 lakh customers were breached. The leaked data includes names, email addresses, dates of birth, bank account information, and about 56 million know your customer (KYC) documents extracted from the company’s server.

The breach was first disclosed by independent researcher Rajshekhar Rajaharia on April 11

Cause of Data breach: Misconfigured AWS server which lead to unauthorized access to the database. Also lack of security enhancements at its third-party data warehouses.

Upstox has stated that now they have initiated a secure password reset via OTP. The broking house has also immediately restricted access to the impacted database, added multiple security enhancements at all third-party data-warehouses, set up real-time 24×7 monitoring and ring-fenced the network.

SEBI mandate:

The Securities and Exchange Board of India (SEBI) has made compulsory that all market intermediary institutions such as exchanges, depositories and brokerages adhere to its guidelines from April 1, 2019.
It has asked exchanges and brokerages to identify critical IT assets and risks, protect these assets by deploying suitable controls, tools and measures, detect incidents, anomalies and attacks through appropriate monitoring tools/processes; respond by taking immediate steps after identification of the incident, anomaly or attack and recover through incident management and other appropriate recovery mechanisms.
SEBI, in its annual report for 2019-20, has acknowledged the threat of cyber-attacks that could compromise the confidentiality, integrity and availability of computer systems, networks and databases in the market’s ecosystem.
Though Upstox was quick to address and fix the issue, it also gave a wake-up call to all intermediaries and market infrastructure institutions to strengthen their cyber security team.

Source: TheHackernews

Remediation:

Update your Upstox account’s password.
Enable Multifactor Authentication on your Upstox’s profile.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Data Breach of Indian Brokerage Firm Upstox

Security Team

Related Posts

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign

Our Offices

Corporate Office (HO):

UK Office:

Registered Office (Delhi):

Noida Office:

Phone:

Email

Click To Download

Download CyberSRC Services & Portfolio & Datasheets

Download Case Studies

Download Company Brochure