[ad_1]
Signzy, a popular vendor that provides online KYC identity verification and customer onboarding services to several major financial institutions, commercial banks and fintech companies, has confirmed that a security incident has occurred, and TechCrunch can report on it exclusively.
The Bengaluru-based startup, which serves more than 600 financial institutions globally — including the top four Indian banks, was hit by a cyberattack last week, according to sources who spoke with TechCrunch. On Saturday, Signzy told TechCrunch that it was aware of the security incident but declined to go into detail.
India’s Computer Emergency Response Team, known as CERT-In, separately acknowledged to TechCrunch that it was aware of the incident and “is in the process of taking appropriate action with the relevant authority.”
Founded in 2015, Signzy onboards 10 million customers and businesses monthly. The startup, which has offices in New York and Dubai — in addition to its India offices in Bengaluru, Gurugram and Mumbai — counts several major companies among its key clients, including ICICI Bank, SBI, MSwipe and Aditya Birla Financial Services.
TechCrunch learned of the security incident from sources, including two Signzy customers, who were concerned about alleged customer data that briefly appeared in a cybercrime forum post, which TechCrunch viewed.
PayU, another Signzy customer, said Signzy had been hit by “information-stealing malware” and confirmed it was not involved in the incident.
“There is no impact on PayU customers or their data due to Signzy’s information theft malware. We have received written confirmation from the vendor that PayU and its customers’ data have not been compromised and remain secure with the best security standards in place,” PayU spokesperson Dimple Mehta told TechCrunch.
Other customers said they were not affected. When asked by TechCrunch, ICICI Bank stated that it was not involved in the incident.
In a statement to TechCrunch, Signzy declined to comment on whether customer data had been leaked. Signzy spokesman Debdut Majumder said the company had hired a “professional agency to conduct the investigation into the security incident.”
The startup, backed by investors including Mastercard, Vertex Ventures, Kalaari Capital and Gaja Capital, said it had informed its customers, regulators and stakeholders about the security incident.
When asked if the company had dealings with the Reserve Bank of India, the country’s central bank, Signezy said he had no contact. The central bank did not respond to a request for comment.
[ad_2]