On Saturday, Upstox on its website said that it received emails claiming unauthorised access into its
. “These claims suggested that some contact data and KYC details may have been compromised from third-party data-warehouse systems,” Upstox’s co-founder and CEO Ravi Kumar wrote on its site.
Some web security analysts also tweeted on Saturday about the breach. The data breach happened at a third-party data warehouse and the files were put up on the dark web, sources said.
After the data breach, Upstox immediately restricted access to the impacted database, added multiple security enhancements at all third-party data-warehouses, set up real-time, 24×7 monitoring and ring-fenced its network. “As a matter of abundant caution, we have also initiated a secure password reset via OTP,” Kumar said.
“We would like to assure you that your funds and securities are protected and remain safe. Funds can only be moved to your linked bank accounts and your securities are held with the relevant depositories,” Kumar wrote.
