The Reserve Bank of India has asked digital wallet firm Mobikwik to get a forensic audit done without delay over data breach allegations. The Gurugram-based company has, however, claimed that its systems are secure and that there is no basis to the allegations of data breach by a group of hackers who said that they accessed personal and financial details of nearly 10 crore customers.
In the latest development, the RBI has reportedly ordered an immediate forensic audit of the company’s systems by a certified auditor.
Both RBI and Mobikwik refused to comment on the forensic audit order, as mentioned by agency PTI.
Mobikwik said that it takes privacy and security of user data seriously and are working with authorities to conduct an independent forensic audit.
RBI has asked Mobikwik to conduct a forensic audit without any delay to ascertain whether there has been a data breach or not. “The RBI has asked Mobikwik to get a third-party forensic audit carried out at the earliest by a CERT-IN-(Indian Computer Emergency Response Team)-empanelled auditor and submit the report without any delay,” said a source quoting a letter from the regulator.
The regulatory order came after Mobikwik contacted CERT-IN. CERT-IN had shared the data leak sample with the company and concluded that the sample didn’t belong to them. However, Mobikwik had informed CERT-IN that there was an unauthorised attempt to access its user-facing application programming interface associated with a payment link on March 1. The payments platform claimed that the attempt was unsuccessful. CERT-IN, however, recommended to RBI a forensic audit.
Hacker group Jordandaven shot a mail with the link of the database of 9.9 crore Mobikwik users to PTI. Data of founder Bipin Preet Singh and chief executive Upasana Taku was also shared on the database.
Mobikwik said on Tuesday that they are fully compliant with all applicable data security laws. “As soon this matter was reported, we undertook a thorough investigation with the help of external security experts and did not find any evidence of a data breach,” Mobikwik had said.