Skip to content

Fintech firm Signzy confirms data breach, investigations underway

  • by
  • 2 min read

Bengaluru-based Signzy, a prominent player in online ‘know your customer (KYC)’ verification and customer onboarding services, has confirmed a recent security breach. The startup, which supports over 600 financial institutions globally — including India’s largest banks — disclosed the incident last week but refrained from providing details.

Sources close to the matter revealed TechCrunch that Signzy’s systems were compromised, potentially exposing sensitive customer data. While Signzy has not officially confirmed data exfiltration, concerns were heightened when alleged customer information briefly surfaced on a cybercrime forum.

India’s Computer Emergency Response Team (CERT-In) acknowledged the incident, stating it is “in the process of taking appropriate action with the concerned authority.”

Despite the breach, major clients such as ICICI Bank and Pay U reported no direct impact on their operations or customer data. Pay U attributed the incident to “information stealer malware” and emphasised its data security measures.

“There is no impact on PayU customers or their data due to Signzy’s information stealer malware. We have received written confirmation from the vendor that PayU and its customers’ data have not been compromised and remain secure with the best security standards in place,” said a Pay U spokesperson.

Signzy has engaged a third-party professional agency to investigate the breach and has informed clients, regulators, and stakeholders. However, the company declined to comment whether customer data had been accessed or stolen.

The company was founded in 2015 and has offices in multiple Indian and foreign cities, including Bengaluru, Gurugram, Mumbai, New York, and Dubai.

In August 2024, C-Edge Technologies Ltd., a key service provider for cooperative and regional rural banks (RRBs) in India was hit by a ransomware attack affecting more than 300 banks.

The National Payments Corporation of India (NPCI) halted the payment systems to prevent additional damage. However, after a day, the NPCI re-established a connection with C-Edge after quarantining the issue.

In the News: Apple faces lawsuit allegaing worker surveillance and gag orders

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

>