RBI tells MobiKwik to investigate data leak, will penalise company if found at fault - Happy Boss

Happy Boss

Thursday, 1 April 2021

RBI tells MobiKwik to investigate data leak, will penalise company if found at fault

Reserve Bank of India has reportedly directed MobiKwik to investigate the alleged data leak of a majority of the company's user base. The central bank has also told MobiKwik that it will be penalised if it is found to be at fault through the audit.

HIGHLIGHTS

  • MobiKwik will have to retain an external auditor to conduct a forensic audit.
  • If a fault is found on the company's part during the audit, it will be penalised, as per a Reuters report.
  • MobiKwik has repeatedly denied the claims of any data leak through its own servers.

Reserve Bank of India (RBI) has ordered digital payments major MobiKwik to investigate the recent allegations of a major user-data leak on the firm. It has further warned MobiKwik that it will face penalties if any security lapses were found on the company's part.

MobiKwik has been under scrutiny lately for an alleged data breach of its database that led to the personal information of 110 million of its users being shared on the dark web. MobiKwik denied the allegations and instead threatened to take legal action against the security researcher who first flagged the data breach.

Post an internal investigation, the firm asserted that no such data leak was found during the probe. Citing undisclosed sources, a report by Reuters now mentions that the Reserve Bank of India was "not happy" with this initial response and has directed the digital payment platform to act immediately.

The source said that the RBI has given MobiKwik an ultimatum, ordering them to retain an external auditor to conduct a forensic audit. If the audit proves a data breach, MobiKwik will be fined by the RBI.

The Reuters report mentions that the RBI has the authority to penalise a payment systems provider with a minimum of Rs 500,000 in such a case.

MobiKwik had previously released an official statement on the development. In the statement, it said that the data available on the Internet could have been uploaded by the users themselves on several platforms. It stressed that there was no indication of the data being leaked from the company's database.

On the other hand, users and security researchers have found information, including credit card details, on a leaked online database. Several of them have posted screenshots of the data that is now up for sale on the dark web. In some cases, this data was being sold for 1.5 bitcoin or about $86,000.

Another report claims that a separate dark web portal has been created which can be used to search data by phone number or email ID and get the specific results out of a total of 8.2 TB of data. The database allegedly belongs to MobiKwik, a claim that the company now has to prove wrong with proof to the RBI.

No comments:

Post a Comment