Indian infosec consultancy CyberX9 claims it twice found records of 43.9 million shareholders exposed by systems operated by Central Depository Services Limited (CDSL) – and that the depository company responded slowly to its alerts of significant vulnerabilities.
CDSL bills itself as a crucial player in India’s financial markets. It serves exchanges, investors, and issuers with depository services – electronic records of investors and their shareholdings. The company claims to have almost a million customers.
CyberX9 has alleged that CDSL exposed data describing even more customers, with full names, tax department ID numbers, marital status, date of birth, nationality, residential address, email address, occupation details, and even the names of spouses and parents leaked.
Source: The Register