RBI orders forensic audit of Mobikwik systems

RBI directs Mobikwik, which is facing data breach allegations, to have a forensic audit done without delay.

The Reserve Bank of India has directed Mobikwik, a digital wallet firm which is facing data breach allegations, to have a forensic audit done without delay.

On Tuesday, a group of hackers said they accessed personal and financial data of nearly 10 crore Mobikwik customers. The Gurugram-based firm, though, has been claiming that its systems are secure and that there is no basis to the allegations of data breach.

On Wednesday, the RBI ordered an immediate forensic audit of the company's systems by a certified auditor, news agency PTI reported quoting sources.

"The RBI has asked Mobikwik to get a third-party forensic audit carried out at the earliest by a CERT-IN-(Indian Computer Emergency Response Team)-empanelled auditor and submit the report without any delay," one of the sources told PTI quoting a letter from the regulator.

The regulatory diktat comes after Mobikwik contacted CERT-IN on the issue, the sources said, adding that CERT-IN had shared a data leak sample with the company, which concluded that the sample did not belong to it.

According to the PTI report, Mobikwik had admitted to CERT-IN that on March 1, there was an unauthorised attempt to access its user-facing application programming interface associated with a payment link generated through its platform. Mobikwik claimed the attempt was scuttled, but CERT-IN was left unconvinced and later recommended a forensic audit to the RBI, as per the sources.

On Tuesday, PTI received an email from the hacker group named Jordandaven containing a link to a database of around 9.9 crore Mobikwik users' personal information, such as mobile numbers, bank account details, emails, and credit card numbers.

Jordandaven has also shared the data of Mobikwik founder Bipin Preet Singh and chief executive Upasana Taku from the database, PTI reported.

Mobikwik, on Tuesday, denied the allegations saying they take data security very seriously and are fully compliant with all applicable data security laws.

"We are subjected to stringent compliance measures under its PCI-DSS and ISO certifications which include annual security audits and quarterly penetration tests to ensure security of its platform.

"As soon as this matter was reported, we undertook a thorough investigation with the help of external security experts and did not find any evidence of a data breach," Mobikwik had said on Tuesday.