Unknown persons use 11 SEBI ids to send emails, FIR registered
“We got emails which had a link that probably was sent to obtain information from the recipients of the emails. The accused could perhaps obtain the information once the recipients clicked the link,” said Kishan Gopal
Mumbai: The Securities and Exchange Board of India (SEBI) has lodged a complaint against unknown persons for allegedly accessing the official email accounts of its 11 employees, sending 34 emails from them, and snoop at its confidential data.

A suspicious activity was first brought to the notice of Varunkumar Kishan Gopal, 31, who works in SEBI’s head office at Bandra-Kurla Complex in the IT department as assistant manager. According to cops, on May 23, 2022, Gopal received a complaint from ISD manager, Abhijit Chandrakant, one of the officers of SEBI. He suspected that his official email id was used by unknown persons, and emails were sent from it.
The police said when Kishan Gopal checked the disaster recovery site of SEBI, he learnt that the email ids of eleven officers were accessed by an unknown accused.
“As many as 34 emails were sent to various email accounts from these official ids and none of the SEBI officers had sent them, we understand that unknown persons accessed their emails,” said a police officer.
The police suspect that the accused have used the official ids of SEBI to steal some confidential information of others to whom the emails have been sent by posing as SEBI officials.
“We got emails which had a link that probably was sent to obtain information from the recipients of the emails. The accused could perhaps obtain the information once the recipients clicked the link,” said Kishan Gopal.
After noticing a cyber security incident on the email system, which was undergoing a system upgrade, SEBI filed an FIR for cyber security incident as per the relevant provisions of law.
Various mitigation measures were immediately taken in response to the said cyber security incident including, informing CERT-IN as per the standard operating procedure, strengthening the required security configuration of the system, etc.
SEBI officials said that it constantly monitors its detection and prevention systems and has taken additional measures post the incident to tighten the security procedures for the implementation and migration activities.
“It was a small incident. CERT-IN is fully in the loop. No sensitive data was lost. Root cause has been diagnosed and fixed. Prevention for future has been fully implemented,” said Hariharan N, chief general manager, SEBI.
The Bandra-Kurla police have registered a case for punishment for cheating by personation and under various sections like 43 A (compensation for failure to protect data) and 66C (punishment for identity theft) of the Information Technology Act, 2000.
Stay updated with all the Breaking News and Latest News from Mumbai. Click here for comprehensive coverage of top Cities including Bengaluru, Delhi, Hyderabad, and more across India along with Stay informed on the latest happenings in World News.

E-Paper

