Data leak: RBI orders forensic audit of MobiKwik's systems

Data leak: RBI orders forensic audit of MobiKwik's systems

AgenciesUpdated: Thursday, April 01, 2021, 11:10 AM IST
article-image
Reserve Bank of India (RBI) | Photo Credit: PTI

The Reserve Bank has asked troubled digital wallet firm MobiKwik, which is facing data breach allegations, to get a forensic audit done without any delay.

Though the Gurugram-based firm has been claiming that its systems are secure and that there is no basis for the allegations of a data breach, a group of hackers on Tuesday said that they accessed the personal and financial data of nearly 10 crore MobiKwik customers.

On Wednesday, sources in the know of the development told PTI that the RBI has ordered an immediate forensic audit of the company's systems by a certified auditor.

When contacted, an RBI spokesperson refused to comment.

Mobikwik refused to give a direct answer to a query on whether the RBI has ordered a forensic

"We take privacy and security of our user data seriously and are working with authorities to conduct an independent forensic audit," it said.

However, the sources said the RBI has asked MobiKwik to get the forensic audit done without any delay to ascertain whether there was a data breach or not.

"The RBI has asked Mobikwik to get a third-party forensic audit carried out at the earliest by a CERT-IN-(Indian Computer Emergency Response Team)-empanelled auditor and submit the report without any delay," one of the sources said quoting a letter from the regulator.

The regulatory diktat comes after Mobikwik contacted CERT-IN on the issue, the sources said, adding that CERT-IN had shared a data leak sample with the company, which concluded that the sample didn’t belong to them.

However, Mobikwik had admitted to CERT-IN that on March 1, there was an unauthorised attempt to access its user-facing application programming interface associated with a payment link generated through its platform. But the attempt was scuttled, Mobikwik claimed, leaving CERT-IN unconvinced, and later recommended to RBI for a forensic audit, as per the sources.

On Tuesday, PTI received an email from a hacker group named Jordandaven which had the link of the database of around 9.9 crore MobiKwik users'' personal information such as mobile numbers, bank account details, emails, and credit card numbers.

Jordandaven has also shared that the data of MobiKwik founder Bipin Preet Singh and chief executive Upasana Taku from the database.

MobiKwik, on Tuesday, denied the allegations saying they take data security very seriously and are fully compliant with all applicable data security laws.

RECENT STORIES

Housing Sales Dip 2% In Top Indian Cities In H1 2025, Office Leasing Surges 41%: Knight Frank

Housing Sales Dip 2% In Top Indian Cities In H1 2025, Office Leasing Surges 41%: Knight Frank

Diogo Jota Net Worth 2025: Football & Esports World Mourn The Loss Of The Liverpool Star

Diogo Jota Net Worth 2025: Football & Esports World Mourn The Loss Of The Liverpool Star

Google Promotes AI Mode On Homepage With Doodle To Compete With Chatgpt, Claude, And Perplexity AI

Google Promotes AI Mode On Homepage With Doodle To Compete With Chatgpt, Claude, And Perplexity AI

IPO: Meesho Files Draft Papers With SEBI To Raise ₹4,250 Crore; Resolution To Launch Passed In...

IPO: Meesho Files Draft Papers With SEBI To Raise ₹4,250 Crore; Resolution To Launch Passed In...

IFC Commits ₹460 Crore To IndiGrid For India’s Largest Battery Energy Storage Project In Gujarat

IFC Commits ₹460 Crore To IndiGrid For India’s Largest Battery Energy Storage Project In Gujarat