Signzy investigating KYC customer data breach

A malware attack against Signzy has led to the appearance of alleged customer data from at least two of the KYC provider’s clients on the dark web.

The company and India’s Computer Emergency Response Team (CERT-In) each confirmed the breach to TechCrunch. Signzy customer PayU told the publication that it had received confirmation that its data was not compromised in the attack. Other customers, including ICICI Bank, told TechCrunch they were unaffected.

Signzy collects various credentials, including Aadhaar numbers and scans of passport or voter IDs, along with selfie biometrics and other personal information. What customer data was offered on the dark web is not included in reporting, or disclosed by Signzy. Biometric Update has asked the company for details, and will update this article when they are received.

A company spokesperson told TechCrunch that it has hired a third party to investigate the incident.

Signzy’s customer base includes India’s four largest banks among 600 financial institutions from around the world. Canadian fintech Asapp Financial Technology signed up to bring Signzy’s optical character recognition (OCR) and biometric liveness detection to Canadian banks in October.

MediaNama notes the relatively high rate of cyberattacks suffered by Indian organizations: second highest in the Asia Pacific region during the second quarter of this year, according to Check Point Research.

Article Topics

biometrics  |  data privacy  |  data protection  |  digital identity  |  KYC  |  Signzy