Debangana Ghosh reports on an incident involving a claimed Mobikwik breach that this site covered a number of times.
The alleged data breach of 3.5 million users at IPO-bound fintech unicorn MobiKwik is under RBI’s scanner.
The company has submitted a forensic audit report detailing the data breach, the RBI said in response to a right to information (RTI) petition filed recently. The petitioner sought to know the status and understand the procedure of the investigation.
Srinivas Kodali, independent researcher and privacy rights activist who had filed the RTI, told BusinessLine, “The RBI doesn’t care about informing individual customers. If there is a fraud happening due to data breach, the RBI ensures that the banks and payment processors refund that money under a certain limit. They think they are not obligated to inform individuals whose data was affected due to these breaches. And since there are no strict laws, MobiKwik got away without informing customers. MobiKwik also didn’t submit their report to the RBI, until the regulator reached out to them. There has been no independent investigation so far due to lack of data protection laws.”
In response, Mobikwik cites the results of the audit they commissioned, which allegedly found no evidence of any breach, but noted some limitations that Mobikwik does not specify in their statement. So they are still denying any breach. Will RBI find otherwise?
Read more on BusinessLine.