"CDSL Data Breach Exposes Sensitive Details of 44 Million Indian Investors"

The Central Depository Services Limited (CDSL), India's popular securities depository services provider, experienced a data breach at its subsidiary CDSL Ventures Limited (CVL). According to CyberX9's research team, the data breach exposed personal and financial information belonging to more than 43.9 million investors in India. The team identified a critical authorization vulnerability in a public CDSL KYC API, which led to the exposure of a significant amount of sensitive data to the Internet. Although the vulnerability was fixed following its disclosure to the CDSL, the CyberX9 was able to bypass the patch, thus exposing the same data of the impacted investors again. The vulnerability was fixed again after the team reported it to the Indian Computer Emergency Response Team (CERT-IN ) and National Critical Information Infrastructure Protection Centre (NCIIPC). This article continues to discuss the CDSL data breach. 

CISO MAG reports "CDSL Data Breach Exposes Sensitive Details of 44 Million Indian Investors"