Signzy Confirms Security Incident, Investigation Underway

Max Carter

Max Carter

December 02, 2024 · 3 min read
Signzy Confirms Security Incident, Investigation Underway

Signzy, a prominent vendor offering online "know your customer" ID verification and customer onboarding services to several top financial institutions, commercial banks, and fintech companies, has confirmed a security incident, TechCrunch can exclusively report. The Bengaluru-based startup, which serves over 600 financial institutions globally, was hit by a cyberattack last week, according to sources speaking with TechCrunch.

On Saturday, Signzy told TechCrunch it was aware of the security incident but declined to elaborate. India's computer emergency response team, known as CERT-In, separately acknowledged TechCrunch that it was aware of the incident and "in process of taking appropriate action with the concerned authority."

Founded in 2015, Signzy enables onboarding for 10 million customers and businesses monthly. The startup, which has offices in New York and Dubai — in addition to its India offices in Bengaluru, Gurugram, and Mumbai — counts several major companies among its key customers, including ICICI Bank, SBI, MSwipe, and Aditya Birla Financial Services.

TechCrunch learned about the security incident from sources, including two Signzy clients, who were concerned about the alleged customer data that briefly appeared on a cybercrime forum post, which TechCrunch has seen. PayU, another Signzy customer, said that Signzy was hit by an "information stealer malware" and asserted that it had no exposure to the incident.

"There is no impact on PayU customers or their data due to Signzy's information stealer malware. We have received written confirmation from the vendor that PayU and its customers' data have not been compromised and remain secure with the best security standards in place," PayU spokesperson Dimple Mehta told TechCrunch.

Other customers said they were unaffected. When asked by TechCrunch, ICICI Bank stated that it had no exposure to the incident. In a statement to TechCrunch, Signzy declined to comment on whether customer data had been exfiltrated.

Debdoot Majumder, a spokesperson representing Signzy, said the company had hired a "professional agency for conducting the security incident investigation." The startup, backed by investors including Mastercard, Vertex Ventures, Kalaari Capital, and Gaja Capital, said it had informed its clients, regulators, and stakeholders about the security incident.

When asked if the firm had engaged with the Reserve Bank of India, the country's central bank, Signzy said it had no communication. The central bank didn't respond to a request for comment. The incident raises concerns about the security of customer data and the potential impact on the fintech industry as a whole.

The security incident at Signzy highlights the importance of robust cybersecurity measures in the fintech sector, where sensitive customer data is often at risk. As the investigation unfolds, it remains to be seen what measures will be taken to prevent similar incidents in the future and to ensure the integrity of customer data.

Similiar Posts

Copyright © 2023 Starfolk. All rights reserved.