Customer data of lending firm breached
New age data-driven technology companies are always prone to attack on their data storage facilities, more so if they are in the fintech domain.
Last week, an early-stage lending startup Rupee-Redee discovered vulnerabilities in its data stack stored on the Amazon cloud. A data security enthusiast who goes by the name of Gareth on Twitter pointed out that RupeeRedee was ‘leaking’ customer details because of some vulnerability on its cloud storage facilities. What could be accessed was customer scanned copies of Aadhaar or Pan cards which are usually submitted by applicants during KYC.
On being pointed out by ET, after some redacted files were put out in the public domain, the company swiftly got the leak sealed with help of professionals by late Friday.
“A potential isolated vulnerability in one of our data storage block (Amazon) was brought to our attention by a data surveillance enthusiast. Thankfully the vulnerability was recognized and fixed within a few hours thereby preventing any compromise of our systems or customer data. It is noteworthy that we have been audited by Certified Information Systems Auditor (CISA) in the recent past and continue to be committed to maintaining highest standards in data security and privacy,” said Jitin Bhasin, director, RupeeRedee in an official comment to ET.
RupeeRedee, is a subsidiary of Digital Finance International, which serves millions of customers across 16 countries. It is a digital platform, headquartered in Haryana, India. It enhances its services through technology to provide short-term lending, aiming to do so easily and efficiently.
Last week, an early-stage lending startup Rupee-Redee discovered vulnerabilities in its data stack stored on the Amazon cloud. A data security enthusiast who goes by the name of Gareth on Twitter pointed out that RupeeRedee was ‘leaking’ customer details because of some vulnerability on its cloud storage facilities. What could be accessed was customer scanned copies of Aadhaar or Pan cards which are usually submitted by applicants during KYC.
On being pointed out by ET, after some redacted files were put out in the public domain, the company swiftly got the leak sealed with help of professionals by late Friday.
“A potential isolated vulnerability in one of our data storage block (Amazon) was brought to our attention by a data surveillance enthusiast. Thankfully the vulnerability was recognized and fixed within a few hours thereby preventing any compromise of our systems or customer data. It is noteworthy that we have been audited by Certified Information Systems Auditor (CISA) in the recent past and continue to be committed to maintaining highest standards in data security and privacy,” said Jitin Bhasin, director, RupeeRedee in an official comment to ET.
RupeeRedee, is a subsidiary of Digital Finance International, which serves millions of customers across 16 countries. It is a digital platform, headquartered in Haryana, India. It enhances its services through technology to provide short-term lending, aiming to do so easily and efficiently.
from E Hacking News - Latest Hacker News and IT Security News http://bit.ly/2RHaiZK