Signzy, a popular vendor that provides online “know your customer” identity authentication and customer onboarding services to some of the largest financial institutions, commercial banks, and fintech companies, has confirmed the security incident, TechCrunch exclusively learned. Reporting.
The Bangalore-based startup, which serves more than 600 financial institutions around the world, including India's four largest banks, suffered a cyberattack last week, according to people who spoke to TechCrunch. On Saturday, Signzy told TechCrunch that he was aware of the security incident but declined to provide further details.
India's Computer Emergency Response Team, known as CERT-In, separately confirmed to TechCrunch that it is aware of the incident and is “in the process of taking appropriate action with the relevant authorities.”
Founded in 2015, Signzy enables onboarding of 10 million customers and businesses every month. The startup has Indian offices in Bengaluru, Gurugram and Mumbai, as well as offices in New York and Dubai, and some of its major clients include ICICI Bank, SBI, MSwipe and Aditya Birla Financial Services. Included.
TechCrunch learned about the security incident from sources including two Signzy customers who were concerned about suspected customer data that briefly appeared in a cybercrime forum post seen by TechCrunch.
Another Signzy customer, PayU, said Signzy was attacked by “information-stealing malware” and claimed it was not exposed to the incident.
“Signzy's information-stealing malware has no impact on PayU customers or their data. We provide written confirmation that PayU and its customers' data has not been compromised and remains secure with the highest security standards in place. from the vendor,” PayU spokesperson Dimple Mehta told TechCrunch.
He said no other customers were affected. In response to a question from TechCrunch, ICICI Bank said it was not involved in the incident.
In a statement to TechCrunch, Signzy declined to comment on whether customer data was compromised. Signzy spokesperson Debdoot Majumder said the company has hired a “specialized agency to conduct a security incident investigation.”
The startup, backed by investors including Mastercard, Vertex Ventures, Kalari Capital and Gaja Capital, said it had notified customers, regulators and stakeholders about the security incident.
Asked whether the company had partnered with India's central bank, the Reserve Bank of India, Sigji said he had not been contacted. The central bank did not respond to requests for comment.