India’s leading central securities depository, Central Depository Services Limited, or CDSL, says its systems have been compromised by malware.
On Friday, the securities depository said in a filing with India’s National Stock Exchange that it detected malware affecting “a few of its internal machines.”
“As a matter of abundant caution, the company immediately isolated the machines and disconnected itself from other constituents of the capital market,” the filing said.
CSDL said it continues to investigate, and that it has so far “no reason to believe that any confidential information or the investor data has been compromised” due to the incident.
CDSL has not yet revealed the exact details of the malware. At the time of writing, the company’s website was down. The company declined to say if the two are related.
Banali Banerjee, an agency spokesperson, said CDSL declined to answer our other questions, including if the company stores logs that would allow it to determine what, if any, data was exfiltrated from its network. “We are working towards resolutions,” the spokesperson said.
Mumbai-based CDSL claims to maintain and service nearly 75 million trader accounts — locally called demat accounts — of investors across the country. The company also counts Bombay Stock Exchange, Standard Chartered Bank, and Life Insurance Corporation among its significant shareholders.
Founded in 1999, CDSL is India’s only publicly listed and the country’s second-largest depository after the National Depository Services Limited, or NDSL, the oldest securities depository. CDSL allows the holding of securities and their transactions in electronic form and facilitates trade settlements on stock exchanges.
“The CDSL team has reported the incident to the relevant authorities and is working with its cyber security advisors to analyze the impact,” the company said in its stock exchange filing.