Gurugram based Fintech company Mobikwik’s data has allegedly been leaked in the dark web and was being sold at 1.5 Bitcoins i.e. approximately INR 63 lakhs.. The disclosure about the data leak was made by cybersecurity analyst Rajashekhar Rajaharia. Various independent security researchers also have claimed that personal data of the users was taken from Mobikwik’s main server by a hacker group named ‘Jordan Daven’ and was put on sale on the dark web forums for quite some time now.
The alleged breach of data is said to be one of the biggest Know Your Customer (‘KYC’) data leaks in Indian history with the data of approximately a hundred million (10 crore) users including their sensitive personal data leaked on the dark web. As per sources, the data leak may include credit card and debit card details, PAN numbers, Aadhar information, email ids, phone number, passwords, name, address, GPS locations, IP address, etc.
Alleged Mobikwik data leak is not the first data leak case in India. Several other Indian companies like SBI, Justdial, Bigbasket, Unacademy, etc have suffered or allegedly suffered massive data breaches in recent years and Mobikwik joins this high-profile list.
Mobikwik had earlier publicly denied the leakage and had stated that “A media-crazed so-called security researcher has repeatedly over the last week presented concocted files wasting precious time of our organization while desperately trying to grab media attention. We thoroughly investigated his allegations and did not find any security lapses”. On 30 March 2021, Mobikwik also stated that they are closely working with requisite authorities on this matter, and considering the seriousness of the allegations, they will get a third party to conduct a forensic data security audit.
After this statement that was released on 30 March, It has been allegedly claimed by the hacker group now that they have deleted all Mobikwik’s data from their servers and all the users are safe now.
Do you think our data like credit card and debit card details, PAN numbers, Aadhar information, email ids, phone number, passwords, name, address, GPS locations, IP address, etc. that we share with the companies are really safe? With the absence of checks under the current data protection regime, the need for enactment of Personal Data Protection Bill seems crucial now.
Corrida Legal is consistently rated as the best corporate law firm & lawyers in Gurgaon (Delhi NCR) and Mumbai. Reach out to us on LinkedIn or contact us at contact@corridalegal.com/+91-8826680614 in case you require any advice.