Upstox, the retail broking firm or trading brokerage company, has recently alerted its customers of a security breach. The data breach had included the KYC details and the contact data of the customers. The company had assured the users that their securities and funds are safe, however.
“On receipt of emails claiming unauthorized access into our database, we have appointed a cyber-security firm to investigate possibilities of breach of some KYC data stored in third-party data warehouse systems. This morning, hackers put up a sample of our data on the dark web,” a company spokesperson said in an emailed statement.
The spokesperson had mentioned that the firm has already initiated several security enhancements as a proactive measure. The upgrades are mainly made at the third- party warehouses, additional ring-fencing of its network and real-time round the clock monitoring.
“As a matter of abundant caution, we have also initiated a secure password reset via OTP for all Upstox users. Upstox takes customer security extremely seriously. Funds and securities of all Upstox customers are protected and remain safe. We have also duly reported this incident to the relevant authorities,” the spokesperson said.
The spokesperson added that at this point, “we don’t know with certainty the number of customers whose data has been exposed”.
The trading firm, Upstox is backed by some of the giant investors such as Tiger Global and bears over three million users. The co-founder and the firm’s chief executive have mentioned on their website that the securities and the customers’ funds remain safe as they are protected.
“Funds can only be moved to your linked bank accounts and your securities are held with the relevant depositories. As a matter of abundant caution, we have also initiated a secure password reset via OTP. Through this time, we have also strongly fortified our systems to the highest standards,” he said.
He has also added that the firm has restricted access to the compromised database, and they have, however, added several security improvements at all the third-party data warehouses.
Upstox has even ramped up its bug bounty programme for encouraging ethical hackers to test its systems and protocols, helping them identify any vulnerability from time to time. Additionally, it has advised its customers to use strong and unique passwords that are a mismatch with the older versions and not to share the One Time Password Codes (OTPs).
Furthermore, the company has urged the customers to be aware of the online frauds, recheck the legitimacy of the links and their senders, and watch out for the OTPs they may have requested. The firm has also advised alerting their service providers in such occurrences.
Disclaimer: Read the complete disclaimer here.