Pine Labs is the latest victim of a data breach. The BlackMatter Ransomware Group has allegedly compromised around 500,000 Pine Labs records. The compromised data includes private customer agreements, personnel data, financial reports, and other internal papers. This is the latest attack on the fintech industry, following the Mobikwik breach.
On August 11, 2021, Cyble, a global threat intelligence company, announced this data breach and also shared screenshots of the leaked data. However, Pine Labs has denied the data breach.
The Data Breach
According to BlackMatter Ransomware Group’s post, it was able to access 100GB of data. The group has released 500 MB of data as a sample. The compromised data includes service and private agreements, as well as invoices from Pine Labs to various financial institutions and Indian banks. Further, the breach also includes several Pine Labs employees’ names, departments, and email addresses. BusinessLine analyzed portions of the sample data.
Pine Labs is a B2B fintech solutions provider that works with a variety of banks and merchants.
Mobikwik data breach
The last incident of a data breach at a Fintech firm occurred at Mobikwik. As reported earlier, Mobikwik’s leaked database was approximately 8.2 TB in size and contained 36,099,759 files as well as KYC information for 3.5 million people. The seller of the database even built a portal on the dark web where users could search for details using a phone number or email address. The database was available for 1.5 Bitcoin (roughly $85,000).
The entire data dump was said to contain 350GB of MySQL dumps or 500 databases, 99 million email addresses, phone numbers, passwords, physical addresses, IP addresses, GPS Location, device-related data, and 40 million records of card numbers, expiration dates, and hashes.
Consequently, the RBI ordered a forensic audit after Mobikwik denied the claims of a data breach.
With incidents of data breaches rising, one needs to ponder how safe our data is with fintechs. While India awaits a Data Protection law, there is a strong need to inculcate healthy data practices to secure user privacy. To enforce data security standards in the digital payments domain, the RBI has released a Master Direction on Digital Payment Security Controls.