Serious data breach at Upstox

Share on facebook
Share on twitter
Share on linkedin

Indian stock trading firm Upstox has suffered a serious security breach. Reports claim that millions of customers – including those in the UK – could have had their personal information compromised after hacking group ShinyHunters targeted the business. According to Upstox, it has received emails from the hackers. ShinyHunters appears to be seeking a ransom payment from Upstox for the stolen data.

What data was accessed in the Upstox data breach?

The affected data is thought to include customer:

  • names
  • contact information
  • dates of birth
  • bank account information

Millions of Know Your Customer (KYC) details are also believed to have been stolen.

What is KYC?

KYC means Know Your Customer (or Client). It is the process of identifying and verifying a client’s identity. Banks and other financial institutions are obligated to use KYC to guard against money laundering, terrorism, and other crimes. In simple terms, KYC helps financial organisations make sure their clients are who they claim to be.

The verification data used in the KYC process might include scans of passports, ID cards and other documents (e.g. utility bills and bank statements). So Upstox customers are rightly worried that this data has fallen into nefarious hands.

What should Upstox customers do now?

Upstox has reassured customers that their funds remain safe. However, as a matter of “abundant caution” it has initiated a secure password reset. Upstox also temporarily disabled its desktop trading platforms.

At Keller Lenkner UK, we recommend that UK customers of Upstox take the following steps to bolster their data security.

Read our Steps to defend yourself against further harm following a data breach or cybercrime.

Contact Keller Lenkner UK’s expert data breach lawyers to discuss a data breach claim.

Share this article:

Share on facebook
Share on twitter
Share on linkedin