CERT-IN to start inquiry into reported MobiKwik data leak


By MYBRANDBOOK


CERT-IN to start inquiry into reported MobiKwik data leak

MobiKwik continued to deny that the data has been leaked and said it would get a third party to conduct forensic data security audit. In view of the massive data breach and the lack of an appropriate response from MobiKwik, Internet Freedom Foundation, said in a letter to CERT-IN to initiate an inquiry over the reported data breach. Such an inquiry ought to require executives of MobiKwik to provide detailed explanations to your office. A record says, now the issue is more than one month.

 

The massive breach reportedly included KYC details of 3.5 million people and phone numbers, email, hashed passwords, addresses, bank accounts and card details of close to 10 crore users. This data was available for sale on the dark web for anyone who could pay 1.5 bitcoins, which is equal to $88,434.

 

The letter from Apar Gupta, Executive Director, Internet Freedom Foundation says that, CERT-In must conduct a technical audit and call on MobiKwik to provide a substantive explanation on why such a breach has taken place; details of the breach including the number of users affected by the breach and the date and time on which the breach took place.

 

The Section 70B (6) has provisions for such inquiry as it gives CERT-IN the power to call for information and give direction to the service providers, intermediaries, data centres, body corporate and any other person, the letter said.

 

It is the responsibility of Mobikwik, they should inform each affected user of the extent to which the breach has impacted them, devised a strategy to remedy the situation, and permit an independent agency to conduct a forensic data security audit and publish their findings.

 

A MobiKwik spokesperson said in a statement on March 30 that the company has undertaken a thorough investigation with the help of external security experts and did not find any evidence of a breach. “The company is closely working with requisite authorities on this matter and considering the seriousness of the allegations, will get a third party to conduct a forensic data security audit. For its users, the company reiterates that all MobiKwik accounts and balances are completely safe,” the spokesperson said.

 E-Magazine 
 VIDEOS  Placeholder image

Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org