RBI Orders Forensic Audit of Mobikwik

The Reserve Bank of India has ordered an immediate forensic audit of the fintech startup Mobikwik to probe allegations that the data of its 11 crore customers was stolen by hackers. The company will likely be fined if the audit reveals lapses, a source with direct knowledge of the situation told Reuters.

What happened? Over 8 terabytes (TB) of personal user information was allegedly taken from Mobikwik’s main server by a hacker named Jordan Daven and put on dark-web forums. The breach was first reported about a month ago. However, Mobikwik continues to deny the breach and has been trying to discredit the researchers that reported it.

Aftermath: Following a slew of cyber-security breaches at Indian tech startups over the past few months, RBI has tightened its rules for payment companies storing customer data. Starting today, all licensed payment system operators will have to submit detailed “compliance certificates” to RBI twice a year. These certificates must confirm that the company has complied with all RBI rules pertaining to the storage and security of payments data.