India's security depository CDSL was reportedly hit by a security breach twice following the discovery of 43.9 million investors were compromised for the second time by CERT, CyberX9 claims...

Continue reading
The Central Depository Services Limited (CDSL), one of India's largest security depositories, is believed to have compromised sensitive, personal, and financial data of 43.9 million investors in India. CyberX9, an Indian infosec consultancy, has **reported** having found data exposes in their system twice. They have stated the breach resulted from _"sheer negligence"_ by CDSL in securing sensitive data.
CDSL provides exchanges and investors with depository services. It claims to have a stringent policy to ensure the confidentiality of millions of customer data, but according to CyberX9, CDSL has exposed the information of their customers on several occasions.
Sensitive data exposed in the breach include customers' full names, complete PAN No, gender, marital status, father/spouse's full name, date of birth, nationality, residential address, permanent address, contact numbers, email address, and occupation details. The data exposed is described as a _"virtual gold mine"_ for phishers, filtering individuals based on their financial details.
According to the timeline shared by the security firm, CDSL did not respond to them for seven days and took no actionable steps to secure their database for the first three days. Meaning, sensitive data of 43.9 investors of the country remained exploitable after reporting. On November 1, 2021, CERT-In replied, _"The concerned organization has confirmed to us that the reported vulnerability is fixed now. You may also verify at your end and confirm with us.”_
Despite statements given by CDSL to media that suggest that the company took prompt actions to fix the vulnerability, CyberX9 said, _"Even this time what could’ve taken a maximum of 2 hours, took around three days for CDSL to secure their systems to stop the exposure of sensitive data of ~4.39 crore people."_
The right thing to do is to order a thorough security audit of CDSL to reveal past incidents and the amount of data compromised. _"It’s a big issue if the nation’s biggest securities depository has such a poor cyber security posture and handles sensitive customer data with such negligence,"_ said the security firm.
Polymarket's hack losses climb to $3.1M across 11 wallets as the platform faces a federal probe into deceptive marketing, even after pledging full refunds.