CDSL fixes vulnerability that exposed $6.2 million investors personal and financial data


A vulnerability at a CDSL subsidiary, CDSL Ventures Limited (CVL), has exposed personal and financial data of over $6.2 million Indian investors twice in a period of 10 days, according to cyber security consultancy startup CyberX9.



The Central Depository Services (India) Limited (CDSL) is a SEBI-registered depository, and CDSL Ventures Ltd is a separately registered KYC registering agency with the Securities and Exchange Board of India (SEBI). The exposed data includes sensitive personal information about investors, including their full addresses. It also included financial information such as the annual income tax return, income estimates, net worth, demat account number, and other information.

3 views0 comments