Broking firm Angel One reports data breach; no impact on clients funds

Stock broking firm Angel One, formerly known as Angel Broking, on Friday reported a data breach, saying the client holding data may have been accessed in an unauthorised manner.

The company is in the process of verifying the breach, including its source, and taking relevant action, it said in an exchange filing. 

“The company received emails on April 20, 2023, claiming unauthorised access of clients’ data. We are in the process of verifying the veracity of such claims, which suggest that certain client profile data (like name, email, mobile number); and client holding data may have been accessed in an unauthorised manner,” it said. 

The fintech firm said it has verified that the breach does not have any impact on client securities, funds, and credentials, and all client accounts are secure. It claimed that the clients’ login credentials are kept encrypted in the systems, and have not been compromised.

“The data, claimed to have been accessed, cannot be used for any transactions. In any case, the company deploys 2FA (Two Factor Authentication) protocol for login/access to all client accounts, which includes verification by OTP (One Time Password) and the clients’ M-PIN,” it added. 

The firm said its current infrastructure has been validated to prevent any further unauthorised access. As per the Q4 results, the company's total client base stood at 1.37 crore as of March 2023.

The breach comes a day after online rental marketplace startup Rentomojo reported an instance of data breach, which is likely to affect its 1.5 lakh subscribers. 

The incident was reported to the appropriate authorities, and an investigation is ongoing. The management, in a statement, had assured that the breach will have no impact on any financial information like credit cards, debit cards, or UPI, as it never store them in the firm's database.