The Securities and Exchange Board of India (SEBI) has filed a police report, stating that unidentified individuals sent 34 emails using 11 of its employees work-related email addresses. Officials at SEBI, however, said that no sensitive data was taken.
Abhijit Chandrakant, the ISD manager, filed a complaint with Varunkumar Kishan Gopal, an assistant manager in the IT division of SEBI’s Bandra-Kurla Complex (BKC) headquarters, on May 23.
Chandrakant believed that someone had gained access to his work email account and was using it to send emails. Gopal discovered that 11 officials’ email accounts had been compromised when he accessed the SEBI disaster recovery site.
According to a police officer, “up to 34 emails were sent to various accounts from these official IDs.”
The accused allegedly stole certain private information about the email recipients using the official SEBI accounts, according to police suspicions.
“The receivers emails contained links. Once the recipients clicked the link, the accused might have been able to access the data,” Gopal added.
According to officials, several mitigating steps were taken right away, including alerting CERT-IN and upgrading the system’s necessary security setup.
It was only a little event. CERT-IN has been fully informed. Nothing private was lost. According to SEBI’s chief general manager Hariharan N, the issue’s main cause has been identified and corrected.
On Friday, a case was filed at the BKC police station under the provisions of sections 419 of the Indian Penal Code (penalty for cheating by personation), 43 A (compensation for failure to preserve data), and 66C (punishment for identity theft).
