It is high time to put measures in place against security breaches and make trading foolproof. Upstox, one of the largest discount broking firms, recently suffered a security breach of its systems that exposed its customers’ sensitive information. Upstox has not officially declared how many users’ data was compromised, but according to media reports, the data of at least 25 lakh customers was breached.


Consequences of the breach

The data that has been leaked is of vital importance. It comprises names, email addresses, dates of birth, bank account information, and about 56 million know your customer (KYC) documents taken from the company’s server.

Upstox issued a clarification guaranteeing that its security systems have been upgraded manifold after taking into account the recommendations of a global cyber-security firm. It engaged this globally renowned firm after receiving emails claiming unauthorised access to its database; it was claimed that some contact data and KYC details may have been compromised from third-party data-warehouse systems.

Upstox has further assured clients that their funds and securities are protected and will remain safe: funds can only be moved to linked bank accounts, and securities are held with the relevant depositories.

A secure password reset via OTP has been initiated. The broking house has also immediately restricted access to the impacted database, added multiple security enhancements at all third-party data-warehouses, set up real-time 24×7 monitoring and ring-fenced the network.

SEBI mandate for intermediaries

The recent incident has surely raised eyebrows, though Upstox was quick to address and fix the issue. The security breach is a wake-up call to all intermediaries and market infrastructure institutions to strengthen their cyber security teams.

SEBI should also come out with dos and don’ts after studying this case in detail to make the market infrastructure robust and foolproof.

The Securities and Exchange Board of India (SEBI) has already mandated that all market intermediary institutions such as exchanges, depositories and brokerages adhere to its guidelines from April 1, 2019.

SEBI, in its annual report for 2019-20, has acknowledged the threat of cyber-attacks that could compromise the confidentiality, integrity and availability of computer systems, networks and databases in the markets ecosystem.

It asked exchanges and brokerages to identify critical IT assets and risks; protect these assets by deploying suitable controls, tools and measures; detect incidents, anomalies and attacks through appropriate monitoring tools/processes; respond by taking immediate steps after identification of the incident, anomaly or attack; and recover through incident management and other appropriate recovery mechanisms.

SEBI had also directed stockbrokers and depository participants to identify critical assets based on their sensitivity and criticality for business operations, services and data management. 

SEBI further emphasises that stockbrokers/depository participants should maintain an up-to-date inventory of their hardware and systems and the personnel to whom these have been issued, software and information assets (internal and external), details of their network resources, connections to their network and data flows.

As part of its structure for monitoring cyber security-related events in the securities markets and taking action to protect the securities market, SEBI plans to establish a cyber security fusion centre or a cyber lab. The three-tier structure would make the cyber security preparedness of the entire securities market ecosystem stronger and more resilient.

The regulator tries to prevent such events from taking place, yet the recent hacking incident has revealed the vulnerability of our market institutions.

Finvestor Social Media
Krishna Rath is a SEBI Registered Investment Adviser, and since 2015 has been educating netizens on investments and insurance. Krishna is a fee only SEBI RIA and is Odisha's first SEBI RIA. With background in IT, Krishna is changing the advisory space with new innovations in AdvisoryTech.
