Cyber Incident Victim: Upstox
Date: Apr 2021
Location: India
Summary
A cybersecurity breach at Indian brokerage firm Upstox exposed sensitive data of approximately 2.5 million users, including names, email addresses, dates of birth, bank account details, and 56 million KYC documents, which appeared on the dark web. The incident, disclosed by an independent researcher, prompted the company to upgrade security systems, reset user passwords, restrict database access, and implement enhanced protections at third-party data warehouses, though it did not confirm the full scope of affected accounts. This breach occurred amid a series of similar security incidents affecting multiple Indian digital service providers in recent months.
Description
On April 11, 2021, independent cybersecurity researcher Rajshekhar Rajaharia disclosed a significant data breach affecting Indian brokerage firm Upstox, exposing sensitive information of approximately 2.5 million users on the dark web. The compromised data included customer names, email addresses, dates of birth, bank account details, and approximately 56 million Know Your Customer (KYC) documents extracted from the company's servers. While the exact timeline of the breach remained unclear at disclosure, Upstox confirmed unauthorized access to its database had occurred prior to the announcement. The incident marked another major cybersecurity failure in India's financial sector, following closely after digital wallet service MobiKwik's breach involving 8.2 terabytes of user data. Upstox did not specify whether the breach resulted from external attacks or internal vulnerabilities, though evidence suggested exposed data originated from their systems.

In response to the breach, Upstox initiated immediate security upgrades and containment measures while emphasizing that user funds and securities remained protected. The company forced password resets for all customer accounts and restricted access to the compromised database, with reports indicating a misconfigured Amazon Web Services (AWS) server as the potential entry point. Additional security enhancements were implemented at third-party data warehouses, along with network ring-fencing to prevent lateral movement. Despite these actions, Upstox refrained from disclosing the precise number of affected client accounts or confirming whether the breach involved direct system infiltration versus accidental data exposure. The incident occurred amid a surge of cybersecurity incidents affecting major Indian companies including BigBasket, Dunzo, Edureka, Paytm Mall, and WhiteHat Jr, highlighting systemic vulnerabilities in the region's digital infrastructure during this period.
