India’s leading central securities depository, Central Depository Services Limited, or CDSL, says its systems have been compromised by malware.
On Friday, the securities depository said in submission with the National Stock Exchange of India that it had discovered malware affecting “several of its internal machines.”
“As a matter of an abundance of caution, the company immediately isolated the machines and cut itself off from other components of the capital market,” the filing said.
CSDL said it is continuing to investigate and that so far there is “no reason to believe that confidential information or investor data has been compromised” due to the incident.
CDSL has not yet disclosed the exact details of the malware. At the time of writing, the company’s website was down. The company declined to say whether the two are related.
Banali Banerjee, a spokeswoman for the agency, said CDSL also declined to answer our other questions, including whether the company keeps logs that would allow it to determine what, if any, data has been exfiltrated from its network. “We are working on solutions,” the spokesman said.
Mumbai based CDSL claims to maintain and service nearly 75 million dealer accounts — locally called demat accounts — of investors across the country. The company also counts Bombay Stock Exchange, Standard Chartered Bank and Life Insurance Corporation among its significant shareholders.
Established in 1999, CDSL is the only publicly listed depository in India and the second largest depository in the country after National Depositary Services Limited or NDSL, the oldest securities depository. CDSL enables the holding of securities and their transactions in electronic form and facilitates trade settlements on stock exchanges.
“The CDSL team has reported the incident to the appropriate authorities and is working with its cybersecurity advisors to analyze the impact,” the company said in its stock filing.