The alleged data breach of 3.5 million users at IPO-bound fintech unicorn MobiKwik is under RBI’s scanner.
The company has submitted a forensic audit report detailing the data breach, the RBI said in response to a right to information (RTI) petition filed recently. The petitioner sought to know the status and understand the procedure of the investigation.
Srinivas Kodali, independent researcher and privacy rights activist who had filed the RTI, told
Digital forensic audit
While the company did not respond to queries from
Search engine created
The data leak, first reported by internet security researcher Rajshekhar Rajaharia in late February 2021, exposed the KYC documents of 3.5 million individuals through 37 million files. Apart from that, 100 million phone numbers, email IDs, passwords, geodata, bank account details and credit card data were leaked.
“The hacker had, in fact, created a search engine using their data, which had 10 crore credit card and debit cards data. Just by entering the phone number, one could get access to the entire transaction history of the user. The leaked data even included details of some of the senior government officials and IPS officers. It was out in public. If it was all false, MobiKwik would have filed a defamation case against me,” Rajaharia told BusinessLine.
In an interview with BusinessLine earlier this month, Upasana Taku, co-founder, chairperson and COO of MobiKwik, said, “Our public statement is very much out there on our social media profiles where we have denied any breach in the system and we had even appointed a forensic auditor to check it and they too didn’t find any breach.”