India’s Central Bank Demands MobiKwik Examine Alleged Data Leak

India’s central bank is demanding that the digital payments firm MobiKwik have an external audit conducted regarding allegations that a hacker stole data from its 110 million users, Reuters reported on Thursday (April 1), citing sources.

The Reserve Bank of India (RBI) warned that the FinTech startup will be hit with penalties if a breach is discovered, according to the source, per Reuters. The RBI was “not happy” with MobiKwik’s first response, and the payment firm is now being told to promptly get the audit done.

“The RBI has given MobiKwik an ultimatum and ordered them to retain an external auditor to conduct a forensic audit,” the source said, per Reuters. 

The central bank can issue a minimum $6,811 fine if a breach is found. MobiKwik has denied any database leaks happened and reportedly threatened legal action against cybersecurity analyst Rajashekhar Rajaharia who discovered the issue. 

Several MobiKwik users said this week that they found their credit card and other information on a “leaked online database” that allegedly belonged to MobiKwik, Reuters reported. The company has denied the allegation.

The Internet Freedom Foundation (IFF), a New Delhi digital rights group, reportedly asked India’s cybersecurity agency to investigate MobiKwik’s alleged data breach. 

Press Trust of India (PTI) reportedly got a link to a database used by most MobiKwik customers from the hacker group Jordandaven, First Post reported. Jordandaven reportedly said that they were not planning to exploit the data, and as soon as they received payment from the MobiKwik, the data would be deleted. 

Jordandaven then reportedly went on to give PTI the data of MobiKwik founder Bipin Preet Singh and MobiKwik chief executive officer Upasana Taku, all taken from the database, per First Post.

MobiKwik said it is taking the matter seriously and will work with authorities and will also hire a forensic auditing team to look into the breach allegations.