Breach Notification , Cybercrime , Finance & Banking

Central Depository Attack Delays Trade Settlement in India

Systems Are Back Online But Brokers Say Some Systems Are Still Affected
Central Depository Attack Delays Trade Settlement in India

Trade-related services resumed Monday at Central Depository Services Ltd. in India, days after trading was suspended during a cyberattack Friday. All pending trades have now been settled, though brokers report some continued IT issues. The service says it appears that no data has been compromised.

See Also: The Healthcare CISO’s Guide to Medical IoT Security

The depository made the announcement on Twitter on Sunday.

Founded in 1999, CDSL is the first listed Indian central securities depository, which facilitates holding and trading securities in electronic form. It also helps settle trades on a majority of the stock exchanges in the country.

What Happened

On Friday, CDSL informed the National Stock Exchange that it had detected malware on some of its systems and had disconnected itself from systems linked to capital markets.

CDSL did not provide details on the type of malware or the impact on systems. In a letter sent to the National Stock Exchange, the depository says that based on its initial investigation, "there is no reason to believe that any confidential information or the investor data has been compromised."

The depository also informed authorities, including the Securities and Exchange Board of India and the Indian Computer Emergency Response Team.

CERT-In recently changed its breach reporting guidelines to mandate a six-hour reporting rule for cyber incidents, and SEBI asked Indian stock brokers and trading houses to report cybersecurity incidents within six hours of detecting the incident (see: Indian Stock Exchanges Have 6 Hours to Report Cyber Incident).

Brokers Continue to Face Issues

While trading resumed, several stock brokers said services such as pay-in, pay-out, and pledged or unpledged securities for margin were down due to system failure at the CDSL.

One of the affected brokers is Zerodha, which has India's largest stock customer base and generates over 15% of all daily retail order volume. Zerodha users' pledge and unpledge requests, gift requests, mutual fund redemption requests and settlement processes were offline until Sunday morning.

Brokering firm 5paisa continued to report issues on Monday, saying on Twitter that "due to downtime at the CDSL system, pledge/funding pledge API services are down."


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.