Payments firm One Mobikwik Systems Ltd on Monday, in its draft IPO prospectus, said that a forensic audit conducted by an independent expert did not reveal any unauthorized access to its customer database in March.
The alleged data breach came to light in March after unknown actors claimed they were selling Mobikwik’s data on the dark web and that this included 99 million mail IDs and phone numbers, data of 40 million saved debit and credit cards as well as know-your-customer (KYC) logs of 3.5 million users.
The Gurugram-based digital payments firm had denied that it suffered such a data breach.
“...in March 2021, certain media reports alleged an unauthorised breach of our data security systems and gaining wrongful access to personal and financial data of our users. Following such media reports, we engaged an independent digital forensic audit expert to conduct an audit relating to these allegations,” the company said in its DRHP.
“The forensic audit expert subsequently reported that based on the analysis of logs/ data provided to them, there was no unauthorised access from outside of our Company’s infrastructure or internally to the database server wherein customer data is stored, during the review period,” it said.
“The report however states certain limitations to the processes undertaken, including virtual walk-through of our systems, not analysing employee devices and that the review was based on logs made available by us and certain non-mandatory logs were not available for the audit. In addition to the recent incident, in 2010, when we were operating at a relatively smaller scale, a hacker had gained unauthorized access to our operating systems, which resulted in certain disruption in our operations,” the prospectus said.
Catch all the Business News , Corporate news , Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.
MoreLess