The Reserve Bank of India (RBI) was “not happy” with the company’s initial response and has asked it to act immediately, said the source, who declined to be named as the discussion with the company was private.
Last month, MobiKwik denied the alleged data leak in an emailed statement, “As a regulated entity, the company takes its data security very seriously and is fully compliant with applicable data security laws. The company is subjected to stringent compliance measures under its PCI-DSS and ISO Certifications which includes annual security audits and quarterly penetration tests to ensure security of its platform.” A company spokesperson added that MobiKwik was closely “working with requisite authorities” on the matter and will get a third party to conduct a forensic data security audit, considering the seriousness of the allegations.
“For its users, the company reiterates that all MobiKwik accounts and balances are completely safe,” the spokesperson said.
However, independent security researchers have claimed that the data — over 8.2TB in size — has been put on sale on the dark Web for quite some time now. Gadgets 360 was first informed about the alleged data breach in February. The hackers group, that allegedly had access to the data for months, has now made it accessible through a search engine that suggests some of the leaked data elements — including the names, phone numbers, and email IDs of millions of affected users.