KYC service provider Signzy reports data breach

Signzy, a major Know Your Customer (KYC) service provider based in India is reporting a malware attack resulting in a data breach. Signzy provides KYC services to over 600 financial institutions worldwide, including India's four largest banks.

Signzy has initiated their incident response plan, including a third-party investigator to conduct a thorough investigation and is ooperating with CERT-In regarding the incident.

The incident has been confirmed by both the company and India's Computer Emergency Response Team (CERT-In). The incident has resulted in alleged customer data appearing on dark web forums. The breached data includes:

• Aadhaar numbers
• Passport scans
• Voter ID scans
• Selfie biometrics
• Other personal information

While the breach has been confirmed, the exact scope remains unclear. The nature of the attack and the number of affected individuals is not disclosed.

Some of the major clients like PayU and ICICI Bank claim they are not affected.