Upstox, India’s second largest stockbroker, has upgraded its security systems after receiving emails claiming unauthorised access into the company’s database.

“These claims suggested that some contact data and KYC [know-your-customer] details may have been compromised from third-party data-warehouse systems,” co-founder and Chief Executive Ravi Kumar said in a blog post. Upstox is the second largest stockbroker in India in terms of customer base, with nearly two million active users. 

Indian media reported the breach exposed data from users including photograph and ID, tax, bank account and phone numbers, although this was not confirmed by Kumar.

Acting on recommendations from a global cyber security firm, Upstox says it has strongly fortified its systems to the highest standards by: immediately restricting access to the impacted database; adding many security enhancements at all third-party data-warehouses; setting up real-time, round-the-clock monitoring; and ringfencing the network.

Saying customer safety is paramount, Kumar told clients: “We would like to assure you that your funds and securities are protected and remain safe. Funds can only be moved to your linked bank accounts and your securities are held with the relevant depositories.

“As a matter of abundant caution, we have also initiated a secure password reset via OTP [one-time password].”

Upstox has reported the incident to relevant authorities, he said.

Register to receive the latest cyber security news and analysis straight to your inbox