[BreachExchange] Lending firm RupeeRedee faces customer data breach

Destry Winant destry at riskbasedsecurity.com
Mon Jan 21 07:23:19 EST 2019


https://tech.economictimes.indiatimes.com/news/startups/lending-firm-rupeeredee-faces-customer-data-breach/67616560

New age data-driven technology companies are always prone to attack on
their data storage facilities, more so if they are in the fintech
domain.

Last week, an early stage lending startup RupeeRedee discovered
vulnerabilities in its data stack stored on the Amazon cloud.

A data security enthusiast who goes by the name of Gareth on
micro-blogging site Twitter pointed out that RupeeRedee was ‘leaking’
customer details because of some vulnerability on its cloud storage
facilities. What could be accessed was customer scanned copies of
Aadhaar or Pan cards which are usually submitted by applicants during
KYC.

On being pointed out by ET, after some redacted files were put out in
the public domain, the company swiftly got the leak sealed with help
of professionals by late Friday.

“A potential isolated vulnerability in one of our data storage block
(Amazon) was brought to our attention by a data surveillance
enthusiast. Thankfully the vulnerability was recognized and fixed
within a few hours thereby preventing any compromise of our systems or
customer data. It is noteworthy that we have been audited by Certified
Information Systems Auditor (CISA) in the recent past and continue to
be committed towards maintaining highest standards in data security
and privacy,” said Jitin Bhasin, director, RupeeRedee in an official
comment to ET.

Gurugram based RupeeRedee is part of the Digital Finance
International, a Moscow based financing entity and is in very early
stages of operations in the country. As per its website, the company
facilitates instant personal loans through its platform and offers a
rate of interest of 0.082% per day.

A few months back, another digital lending startup EarlySalary, which
is backed by Dewan Housing Finance, was in the news for a similar data
breach which caused personal details of 20,000 of its prospective
customers who had not secured financing from them to get leaked
outside.


More information about the BreachExchange mailing list