Data Breach at MobiKwik

Data Breach at MobiKwik
Case Code: ITSY121
Case Length: 8 Pages
Period: 2021
Pub Date: 2021
Teaching Note: Available
Price: Rs.300
Organization: MobiKwik System Pvt. Ltd
Industry: Financial Services
Countries: India
Themes: Information Security, Data Privacy, Information Systems, FinTech
Data Breach at MobiKwik
Abstract Case Intro

Abstract

The case is about the data security breach at digital payment platform MobiKwik. In early March 2021, the data of nearly 110 million users of the mobile wallet was reported to be on sale on a hacker forum on the dark web. The dataset included details of KYC documents, Aadhaar card and credit card details, and mobile phone numbers linked to the MobiKwik app. The breach was first exposed by an independent security researcher Rajshekhar Rajaharia. However, MobiKwik denied that any such breach had occurred and stated that it was fully compliant with all applicable data security laws. It blamed users instead for their data ending up on the dark web. The company even targeted the cybersecurity experts who brought the hack to light. The evidence of the hack, however, was hard to ignore, and the breach had serious implications both for the company and its customers.

Following the data breach allegations, the Reserve Bank of India (RBI) ordered a forensic data security audit of the company’s systems by a certified auditor. The Indian government is yet to introduce a Personal Data Protection Law (PDP Law) in Parliament. The data breach incident at MobiKwik raised the issue of the presence of the regulatory ecosystem and intervention in a scenario where security experts claim a major breach while the company in question denies it. The MobiKwik data breach turned the spotlight on data privacy, and the need for strict laws to penalize entities involved in data breaches.

Issues

The case is structured to achieve the following teaching objectives:

  • Understand the reasons behind the alleged data breach at MobiKwik
  • Understand why Information Systems are vulnerable in organizations
  • Understand the importance of data security in organizations
  • Study the impact of the breach on Mobikwik and its customers
  • Analyze the steps MobiKwik should take to prevent data breach incidents in future

Contents

Keywords

Information Security System; Data Breach; Data Security System; Privacy Protection; Data leaks; Data Privacy; FinTech

Buy this case study (Please select any one of the payment options)

Price: Rs.300
Price: Rs.300
PayPal (7 USD)

Custom Search