Personal data of almost 8 million Angel One customers leaked online

In a significant data breach, approximately 7.9 million pieces of personally identifiable information (PII) belonging to customers of the Mumbai-based stock broking firm Angel One were leaked on an online hacker portal on Tuesday. The exposed data includes names, addresses, contact numbers, and even bank account details of the affected individuals. The hacker also claimed to have accessed the stock holdings and profit and loss statements of these customers.

A private cybersecurity consultant who reviewed the data noted that it appears to be from around 2023. The hacker asserted that only a portion of the data has been released so far. “Typically, in such cases, there is a ransomware demand, but we do not know what exactly transpired between the hackers and the company since the data dump is a year and a half old,” he stated.

On April 21, 2023, Angel One had filed a report with the stock exchange indicating a data breach. “We are in the process of verifying the veracity of such claims, which suggest that certain client profile data (like name, email, mobile number) and client holding data may have been accessed in an unauthorized manner,” the firm mentioned in a BSE filing at that time. Emailed queries to the stock broker for comments went unanswered.

The cybersecurity consultant further explained that while the data might be dated, spammers and scammers often use such information to target potential trading customers. “These are very good sources for scammers to access personally identifiable information about consumers who are trading actively. The data gives out their bank account details too, which is a major concern,” he added.

Angel One is the third-largest stock broking company in India, with around 6.5 million active traders. The company reported a total operational revenue of Rs 1,357 crore and a net profit of Rs 339 crore for FY24.