 "CDSL detects malware in a few internal machines; settlements delayed")
India’s largest depository in terms of numbers of accounts, Central Depository Services (India) (CDSL), faced cyber security issues on Friday, which impacted settlement activities.
The depository detected malware in a few of its internal machines, following which the company isolated the machines and disconnected itself from other constituents of the capital market.
“As per initial findings, there is no reason to believe that any confidential information or the investor data has been compromised,” said CDSL in a statement. The incident has been reported to the authorities.
The official website of the securities depository remained non-functional and showed error till the filing of the story on Friday.
“(The company) is working with its cyber security advisors to analyse the impact. Resolution of the incident is in process, subsequent to which settlement activities would be completed,” added CDSL.
In October 2021, reports claimed that a vulnerability at a CDSL subsidiary -- CDSL Ventures Limited (CVL) -- exposed personal and financial data of over 43 million investors, twice in a period of 10 days.
Cyber security consultancy startup CyberX9 had claimed that the securities depository took around seven days to fix the bug which could have been resolved immediately.
At the end of August, CDSL operated 71.6 million demat accounts with assets under custody of Rs 38.5 trillion.
In its annual report for 2021-22, the Securities and Exchange Board of India (Sebi) had proposed to conduct a special purpose cyber audit of all market infrastructure institutions (MIIs) to evaluate their preparedness for any cyber threat.
Sebi had noted that in the view of various cyber security, MIIs, registrars to an issue and share transfer agents (RTAs), KYC registration agencies (KRAs) and top broking companies will be directed to submit their security audit reports and their compliance reports to Sebi for detailed analysis.
Last month, Sebi chair Madhabi Puri Buch had hinted at a new framework to protect investor trades at an incident of cyber security attack or breach facilitating exchange of data between stock exchanges.
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%