Home / Tech / News / Upstox alerts users of potential data breach, says funds and securities are safe

Upstox alerts users of potential data breach, says funds and securities are safe

The company says it has strengthened its existing systems. The company says it has strengthened its existing systems.
The company says it has strengthened its existing systems. (Pixabay)

Retail broking firm Upstox on Sunday disclosed that its databases containing user details might have been breached, adding that it had taken steps to mitigate the issue, inform the authorities and improve its existing security systems.

Brokerage firm Upstox on Sunday disclosed that its databases containing user details might have been breached, adding that it had taken steps to mitigate the issue, inform the authorities and improve its existing security systems. The revelations come shortly after another startup reportedly suffered a data breach involving millions of user’s personal information.

In an announcement made on the company’s website on Sunday, the company stated that it had received information that its database had been accessed without authorisation and that these databases included user’s contact information and their KYC information. However, the company stated that all of their clients’ funds were protected and not affected by the breach. The incident was first reported by the Economic Times

Also read: Data breaches can impact a brand’s relative strength and here’s what’s at peril

“We have upgraded our security systems manifold recently, on the recommendations of a global cyber-security firm. We brought in the expertise of this globally renowned firm after we received emails claiming unauthorized access into our database,” the company posted on its website. It also said that client funds could only be moved to a linked bank account and that securities were held with the relevant depositories.

The company says it has strengthened its existing systems by immediately restricting access to the impacted database, adding multiple security enhancements at all third party data-warehouses, setting up real-time 24x7 monitoring, and adding additional ring-fencing to the network. “As a matter of abundant caution, we have also initiated a secure password reset via OTP,” the company said.

Read more: MobiKwik says it is probing data breach claims

The company said it is also scaling up its bug bounty program “to encourage ethical hackers” to “stress-test its systems and protocols” and “help it identify any vulnerabilities” from time to time. The company said it had already reported the incident to the authorities and advised customers to follow secure practices like using strong passwords, never sharing OTPs, and watch out for unauthorised OTPs, while checking the legitimacy of links and senders.

Follow HT Tech for the latest tech news and reviews, also keep up with us on Twitter, Facebook, and Instagram. For our latest videos, subscribe to our YouTube channel.