In a significant data breach, the personal information of approximately 7.9 million customers of Mumbai-based stock broking firm Angel One has been published online on a hacker forum. The breach, which reportedly occurred last year, exposed a wealth of personally identifiable information (PII) including names, addresses, contact numbers, and bank account details.

 

Details of the Breach

The leaked data, now accessible to malicious actors, was reportedly placed online by a hacker. This data dump includes sensitive customer information, causing concern over potential misuse. A cybersecurity expert who reviewed the data suggested it dates back to around 2023.

 

Angel One’s Response

In response to the breach, an Angel One spokesperson assured, "Angel One's customer data is secure, and there has been no new data leak incident. The current issue pertains to an incident that occurred in April 2023, which was promptly reported to the relevant authorities. We assure you that this incident has no impact on client securities, funds, or credentials, and all client accounts remain secure."

 

Potential Misuse of Data

The hacker has claimed access to stock holdings and profit and loss statements of customers, indicating that only a portion of the data has been released so far. The cybersecurity consultant highlighted that while the data might be old, it can still be a goldmine for spammers and scammers who target active trading customers. "These data points are very valuable for scamsters, providing bank account details which is a major concern," he noted.

 

Previous Disclosure

Angel One had previously disclosed the data breach in a stock exchange filing on April 21, 2023. The company stated, "We are in the process of verifying the veracity of such claims, which suggest that certain client profile data (like name, email, mobile number); and client holding data may have been accessed in an unauthorized manner."

 

Company Overview

Angel One is India’s third-largest stock broking firm, with about 6.5 million active traders. The company closed FY24 with a total operational revenue of Rs 1,357 crore and a net profit of Rs 339 crore.

 

Broader Implications

This breach underscores the critical importance of cybersecurity in protecting sensitive financial data. With less than 5% of companies in India prepared to tackle cybersecurity risks, as highlighted in a recent Cisco report, this incident serves as a wake-up call for the industry.

 

Conclusion

The Angel One data breach highlights the vulnerabilities present in financial systems and the need for stringent cybersecurity measures. As investigations continue, customers and stakeholders will be closely watching how Angel One addresses and mitigates the fallout from this significant data leak.