A data breach exposed the personal information of about 7.9 million customers of Mumbai-based stock broking firm Angel One. The leaked personally identifiable information (PII) includes names, addresses, contact numbers, and bank account details. The hacker claimed to have access to customers’ stock holdings and profit and loss statements, stating that only a portion of the data has been released so far.
A private cybersecurity consultant, who reviewed the leaked data, believes it dates back to around 2023. “Typically, in such cases, threat actors demand ransom, but it’s unclear what transpired between the hackers and the company since the data dump is a year and a half old,” he noted.
In response to queries, a company spokesperson assured that Angel One’s customer data is secure and there has been no new data leak. “The current issue pertains to an incident that occurred in April 2023, which was promptly reported to the relevant authorities. This incident has no impact on client securities, funds, or credentials, and all client accounts remain secure,” the spokesperson said.
On April 21 last year, Angel One had reported the data breach in a stock exchange filing, stating that unauthorized access to certain client profile data (such as names, emails, and mobile numbers) and client holding data may have occurred.
The cybersecurity consultant emphasized that while the data might be old, it remains valuable to spammers and scamsters targeting active traders. “These data points are crucial for scamsters to access personally identifiable information about consumers who are actively trading. The inclusion of bank account details is a major concern,” he said.
Angel One, India’s third-largest stock broking firm, has about 6.5 million active traders. The company reported a total operational revenue of Rs 1,357 crore and a net profit of Rs 339 crore for FY24.