Several users reported this week that details such as their credit card numbers had been discovered on a leaked online database supposedly belonging to MobiKwik, which the company has refuted.
According to a source with direct knowledge of the situation, India’s central bank has ordered digital payments firm MobiKwik to investigate allegations that the data of its 110 million users are compromised, and has cautioned that if lapses are detected, the company will face fines. MobiKwik, which is backed by Sequoia Capital and India’s Bajaj Finance, has come under fire this week for denying a database leak that many customers and digital rights activists claim is related to the firm.
The Reserve Bank of India (RBI) was “unhappy” with the company’s initial response and has asked it to act immediately, according to the source, who did not want to be identified because the conversation between the RBI and the company was confidential. The payments company has also come under fire for threatening to sue a security researcher who first disclosed the hack.
Several users reported this week that details such as their credit card numbers had been discovered on a leaked online database supposedly belonging to MobiKwik, which the company has refuted. ”The RBI has given MobiKwik an ultimatum and ordered them to hire an external auditor to perform a forensic audit,” the source said, adding that if the violation is confirmed, the RBI could levy fines. The Reserve Bank of India (RBI) did not respond to a request for comment.
In such situations, the central bank has the authority to fine a payment services provider a minimum of 500,000 rupees ($6,811). MobiKwik has not replied to requests for comment, and messages sent to the company’s founders have gone unanswered. It has previously confirmed that users’ data may have been posted to several sites and that it is wrong to assert that the leaked information was obtained from the payments firm, and that it takes privacy and security very seriously.
MobiKwik competes in India with companies including Alibaba-backed Paytm and Google’s payments service, both of which have seen rapid growth in use. Data breaches and leaks, on the other hand, have become all too frequent in the world. The Internet Freedom Foundation (IFF), a New Delhi-based digital rights organisation, asked India’s cyber security agency to investigate the suspected data breach on Wednesday. Reuters reached out to the federal agency, but it did not respond.