The recent Mobikwik’s 3.5 million users data breach has been taken into consideration by the Reserve Bank Of India (RBI). The RBI has asked a troubled digital wallet firm to get a forensic audit done without any further delay.
Earlier, the Gurugram-based firm has been claiming that its systems didn’t find any data error, and it’s fully secure. It also said that there is no basis for the allegations of data breach. To highlight the real problem, hackers on Tuesday said that they accessed the personal financial details of nearly 10 crore Mobikwik consumers.
Yesterday, sources in the know of the development told PTI that the Reserve Bank of India has ordered an immediate forensic audit of the firm’s systems by one of the certified auditors.
While media persons tried to contact RBI on the matter, they denied to comment. Mobikwik also refused to give a direct answer to a query on whether the Reserve Bank Of India has ordered a forensic audit or not.
It also stated- “We take privacy and security of our user data seriously and are working with authorities to conduct an independent forensic audit”.
In spite of no direct confessions, the sources said that RBI has asked Mobikwik to get the forensic audit as soon as possible. The objective behind this is to find out whether the breach happened or not.
The RBI clearly stated- Mobikwik to get a 3rd-party forensic audit carried out at the earliest by a CERT-IN (Indian Computer Emergency Response Team), impaneled auditor, and submit the report as soon as possible.
The regulatory and concerned authorities came after Mobikwik, contacted CERT-IN on the matter, adding it had shared a data breach sample with the firm, which resulted that the sample didn’t belong to them.
But on other hand, yesterday, the digital wallet firm admitted to CERT-IN that there was an unauthorized attempt to access its user-facing application programming interface with a payment link generated via its platform. However, the attempt was sprinted. But this didn’t convince CERT-IN fully and later RBI ordered for a forensic audit.
Earlier this week on Tuesday, PTI received an email from the hacker group named Jordandacen consisting of a link to the database of nearly 9.9 crore users’ personal financial details. It also shared the data of Mobikwik founder Bipin Preet Singh and Chief Executive Upasana Taku.
And it said – “We are subjected to rigorous yielding measures under its PCI-DSS and ISO certifications which include annual security audits and quarterly infiltration tests to assure the security of its platform”.
Lastly, the firm said on Tuesday – “As soon this matter was reported, we undertook a thorough investigation with the help of external security experts and did not find any evidence of a data breach”.
Note: This news is based on millions of articles over the internet, Global Business Line does not take any responsibility for the facts and information mentioned in this news article.