Internet Freedom Foundation calls for probe into alleged MobiKwik data leak

BENGALURU:  A day after mobile payments start-up MobiKwik denied claims of mega data leak from its servers, the Internet Freedom Foundation (IFF) has written to the Computer Response team of the Ministry of Electronics and Information Technology (MeiTy), seeking enquiry into the reported breach under Section 70B(6) of the Information Technology Act, 2000. The advocacy group has also hit out at MobiKwik for shifting the blame of data leak on users by stating they might have uploaded their KYC details on multiple platforms.

The alleged data leak amounting to disclosure of 8.2 terabytes of sensitive information is being termed as the biggest such incident in the history which compromised the privacy of over 3.5 million users. “Users, security researchers and news organisations have reported that data of 10 crore Indians, including their passport details, addresses and phone numbers, is available for sale on the dark web.

As per press reports, the data was in the custody of MobiKwik, which provides a mobile-based payment system. We have written to the Computer Emergency Response Team (CERT-IN) asking them to initiate an inquiry over the data breach in terms of Section 70B(6) of the Information Technology Act, 2000,” IFF said in a social media post on Wednesday.

According to the advocacy group, MobiKwik should readily inform the affected users of the incident, provide them with due compensation under Section 43A of the IT Act, 2020, explain the reasons behind the breach, permit a third-party audit and stop threatening the security experts with the legal action. The incident has come to light at a time when India’s joint parliamentary committee is examining the Personal Data Protection Bill (PTPB) and IT minister Ravi Shankar Prasad has taken on tech giants like Facebook, WhatsApp and Twitter to ensure that the user data is not compromised.