Indian stock trading firm Upstox has suffered a serious security breach. Reports claim that millions of customers – including those in the UK – could have had their personal information compromised after hacking group ShinyHunters targeted the business. According to Upstox, it has received emails from the hackers. ShinyHunters appears to be seeking a ransom payment from Upstox for the stolen data.
What data was accessed in the Upstox data breach?
The affected data is thought to include customer:
- contact information
- dates of birth
- bank account information
Millions of Know Your Customer (KYC) details are also believed to have been stolen.
What is KYC?
KYC means Know Your Customer (or Client). It is the process of identifying and verifying a client’s identity. Banks and other financial institutions are obligated to use KYC to guard against money laundering, terrorism, and other crimes. In simple terms, KYC helps financial organisations make sure their clients are who they claim to be.
The verification data used in the KYC process might include scans of passports, ID cards and other documents (e.g. utility bills and bank statements). So Upstox customers are rightly worried that this data has fallen into nefarious hands.
What should Upstox customers do now?
Upstox has reassured customers that their funds remain safe. However, as a matter of “abundant caution” it has initiated a secure password reset. Upstox also temporarily disabled its desktop trading platforms.
At Keller Lenkner UK, we recommend that UK customers of Upstox take the following steps to bolster their data security.