To,

Shri Ajay Lakra,
Public Grievance Officer,
Indian Computer Emergency Response Team,
Ministry of Electronics and Information Technology
email: [email protected]

Sub: Regarding breach of 10 crores Mobikwik users data and 3.5 crore KYC data

Respected Officer,

All the major newspapers have reported about a dat breach at Mobikwik( Mobile phone based payment system and digital wallet). The reports estimate that  around 100 million Mobikwik users data and 3.5 Million KYC Data has been breached and are available for sale on darkweb. Mobikwik being a digital wallet makes individuals prone to cyber security attacks focused on their finances.
                                                
The leak contains a database portion of phone numbers, emails, hashed passwords, addresses, bank accounts & card numbers and other KYC details etc.. The size of the breached database is about 8.2 TB. The data is already being shown to anyone over the darkweb.

Mobikwik had already gone through a data breach back in 2010 and now they have openly denied these as false allegations on March 4th 2021 on twitter. Now it is a pattern in the data breaches happening on the behest of the corporations.

In this regard we ask for an investigation into this incident and update citizens on what has transpired at MobiKwik and what is happening with their data. As Public Grievance Officer, we hope you will provide us a redressal to this incident under Section 43 A of IT Act.
                                                
We are hoping you would carry out this exercise expeditiously and provide us a copy of the investigation. Kindly confirm receipt of this letter within 2 days as per your citizen’s charter and a detailed redressal for the grievance in a month’s time.
                                                
References:

1. https://blog.mobikwik.com/security-update-for-mobikwik-com-users/
2. https://twitter.com/MobiKwik/status/1367489330902675463

With Regards,
Kiran Chandra,
General Secretary,
Free Software Movement of India.