Breach Notification , Cybercrime , Finance & Banking
Central Depository Attack Delays Trade Settlement in IndiaSystems Are Back Online But Brokers Say Some Systems Are Still Affected
Trade-related services resumed Monday at Central Depository Services Ltd. in India, days after trading was suspended during a cyberattack Friday. All pending trades have now been settled, though brokers report some continued IT issues. The service says it appears that no data has been compromised.
The depository made the announcement on Twitter on Sunday.
Founded in 1999, CDSL is the first listed Indian central securities depository, which facilitates holding and trading securities in electronic form. It also helps settle trades on a majority of the stock exchanges in the country.
On Friday, CDSL informed the National Stock Exchange that it had detected malware on some of its systems and had disconnected itself from systems linked to capital markets.
CDSL did not provide details on the type of malware or the impact on systems. In a letter sent to the National Stock Exchange, the depository says that based on its initial investigation, "there is no reason to believe that any confidential information or the investor data has been compromised."
The depository also informed authorities, including the Securities and Exchange Board of India and the Indian Computer Emergency Response Team.
CERT-In recently changed its breach reporting guidelines to mandate a six-hour reporting rule for cyber incidents, and SEBI asked Indian stock brokers and trading houses to report cybersecurity incidents within six hours of detecting the incident (see: Indian Stock Exchanges Have 6 Hours to Report Cyber Incident).
Brokers Continue to Face Issues
While trading resumed, several stock brokers said services such as pay-in, pay-out, and pledged or unpledged securities for margin were down due to system failure at the CDSL.
One of the affected brokers is Zerodha, which has India's largest stock customer base and generates over 15% of all daily retail order volume. Zerodha users' pledge and unpledge requests, gift requests, mutual fund redemption requests and settlement processes were offline until Sunday morning.
Brokering firm 5paisa continued to report issues on Monday, saying on Twitter that "due to downtime at the CDSL system, pledge/funding pledge API services are down."