Signzy, a Bengaluru-based provider of online identity verification services, has confirmed a recent security breach impacting its systems. The company, which helps financial institutions with customer onboarding and KYC (Know Your Customer) processes, serves over 600 clients, including major banks like ICICI Bank, SBI, and Aditya Birla Financial Services. The cyberattack, reportedly involving “information stealer malware,” was detected last week, and Signzy has acknowledged the incident but declined to provide further details.
According to sources, the malware may have exposed some of Signzy’s customer data, which briefly appeared on a cybercrime forum. Despite these concerns, several of Signzy’s major clients, including PayU and ICICI Bank, have reassured the public that their customer data was unaffected by the breach. PayU confirmed that no exposure to customer data occurred, and ICICI Bank stated that it had no exposure either. These statements indicate that the full scope of the breach may not have impacted all of Signzy’s clients equally.
In response to the attack, Signzy has hired a professional agency to investigate the security breach. The company has also informed its clients, regulators, and stakeholders about the incident. However, Signzy has not disclosed whether any data was exfiltrated during the attack. The company has remained cautious, providing limited details as the investigation continues, likely due to the sensitivity of the data involved.
Signzy’s rapid growth since its founding in 2015 has made it a key player in the fintech space, especially for India’s financial institutions. As a provider of critical services for financial firms globally, this incident raises concerns about the security of sensitive customer data in the digital age. While the breach appears to have had limited impact on some of its clients, Signzy’s handling of the investigation and communication with regulators will be closely watched as they work to secure their systems and prevent future attacks.
Reference:
