Signzy, Indian Online ID Verification Firm, Faces Security Incident

Signzy, a prominent vendor specializing in online “know your customer” ID verification and customer onboarding services for leading financial institutions, commercial banks, and fintech companies, has recently been confirmed to have experienced a security breach, as reported exclusively by TechCrunch.

Details of the Incident

Last week, the Bengaluru-based startup, which caters to more than 600 financial institutions worldwide, including the four largest Indian banks, fell victim to a cyberattack. While Signzy acknowledged the security incident to TechCrunch on Saturday, the company refrained from providing further details on the matter.

India’s computer emergency response team, CERT-In, also acknowledged being aware of the incident and is currently taking necessary actions in collaboration with the relevant authorities.

Impact on Customers and Response

Signzy, established in 2015, facilitates the onboarding of 10 million customers and businesses on a monthly basis. Despite having offices in New York and Dubai, in addition to multiple locations across India, the startup’s key customers, such as ICICI Bank, SBI, MSwipe, and Aditya Birla Financial Services, have expressed concerns following the breach.

According to sources, including two Signzy clients, there were reported sightings of alleged customer data on a cybercrime forum post. However, some customers, like PayU, reassured that their data and that of their customers remained secure, unaffected by the incident.

Company Response and Investigation

In response to inquiries, Signzy declined to confirm whether customer data had been compromised. Debdoot Majumder, a spokesperson representing Signzy, mentioned that the company had engaged a professional agency to conduct a comprehensive investigation into the security incident.

Despite being backed by notable investors like Mastercard, Vertex Ventures, Kalaari Capital, and Gaja Capital, Signzy has taken proactive steps to inform its clients, regulators, and stakeholders about the breach. However, when questioned about involvement with the Reserve Bank of India, the central bank, Signzy stated that there had been no communication between the two parties.

As the investigation unfolds, customers and stakeholders alike remain apprehensive about the potential repercussions of this security incident on their sensitive data and privacy. Signzy’s ability to restore trust and safeguard against future cyber threats will be crucial in maintaining its reputation and upholding data security standards in the industry.