
Data breach at India’s biggest Demat Depository CDSL


Legal Wires

A cybersecurity team named CyberX9 has found a data breach in the servers of the Central Depository Services Limited (CDSL), which maintains the demat accounts of crores of investors.

According to CyberX9, the breach in the CDSL system exposed sensitive personal and financial data of an estimated 4.39 crore investors on whom CDSL has performed a Know Your Customer/Client (KYC) operation since 2005.

CyberX9’s founder and managing director, Himanshu Pathak, called the data ‘exposed’ in the CDSL vulnerability a ‘virtual gold mine’ for phishers, scammers, and for ‘malicious attackers looking to spread misinformation to manipulate Indian share markets’.

It was found that data was breached because of a vulnerability at a CDSL subsidiary, CDSL Ventures Limited (CVL).

Himanshu Pathak said that the data was exposed because of a vulnerability in an Application Programming Interface (API) used by CVL.

An API is a piece of software that sits between two computer applications. The two computer applications will use the API to send and receive data from each other.

CVL is a service set up to perform investor identity verification via KYC processes. 

CVL, according to Pathak, is “exposing all KYC data of anyone who has gone through the CDSL KYC process”.

An API used by CVL to communicate with and receive data from the main CDSL computer server has a vulnerability that allows anyone with enough technical know-how to use that API to bypass the need for proper authorisation and access sensitive investor data.

CDSL, however, has contended in a statement that there had been no breach in the system; only a vulnerability was found, and it has been sorted out.

The CDSL, a government-registered share depository, manages all investor accounts trading on the Bombay Stock Exchange. It is one of only two depository systems in the country handling crores of investor accounts, with the other being the National Securities Depository Limited (NSDL).

Written by Legal Wires

Team @LegalWires
