Stolen Paytm data included passwords, PIN of founder Vijay Shekar’s accounts and cash cards, business plans
The woman employee of Paytm founder and chief executive officer Vijay Shekhar Sharma, who had access to Sharma’s personal laptop, had allegedly stolen the data and was blackmailing him to the rune of ₹20 crore.Updated: Oct 24, 2018 09:42 IST
Police said the initial probe into the Paytm extortion case suggests that the data breach involved crucial information that can hamper the company’s prospects, if made public.
Manoj Pant, station house officer, Sector 20 police station, said, “The total data is of more than 128 GB and contains over 1,000 pages.”
Police sources said the data included passwords, encrypted emails, PIN of Paytm accounts and cash cards used by its founder Vijay Shekhar Sharma, the company’s business model, new plans and schemes as well as financial dealings of the company, all of which would have damaged the prospects of Paytm, if made public or shared.
Gautam Budh Nagar SSP AjayPal Sharma said, “We are sifting through the data with the help of cyber cell officers. The data contained important passwords, among other things.”
But the company, in a statement to the media, assured customers that “their personal details are protected”. “All our consumer data is protected with the highest and most impenetrable levels of security. At this point, the law enforcement authorities are investigating this matter and we would like to respect the police investigation, and not comment further until the results of such investigation are known,” Paytm statement read.
Police are trying to ascertain if the data contained details of customers. “The data is huge and we are sifting it thoroughly,” Sharma said.
Police have arrested Sonia Dhawan, former vice-president (communications), her husband Roopak Jain and Devendra Kumar, an employee of Paytm. A fourth person, Rohit Chomal, a resident of Kolkata, who made the extortion call, is still at large.
The SSP said the Noida police is in contact with the Kolkata police and they hope to nab Chomal soon. The SHO said they have found out that Devendra had recently travelled to Kolkata, where he may have interacted with Chomal.
Pant said Dhawan and Jain were stealing data for the last two years. Dhawan shared the data with Devendra who took the help of a woman called Mala, whom he was dating since 2014, to get in touch with Chomal.
According to police, Jain was going through a rough phase in his real estate business. Chomal had allegedly been involved in this scheme as his coal business was failing and he needed money, the police said.
Chomal had initially demanded ₹30 crore from Paytm chiefs Vijay Shekhar and his brother Ajay Shekhar. “It came down to ₹20 crore and then to ₹10 crore. Rohit (Chomal) shared a few passwords with the Shekhars to convince them that he was in possession of crucial data,” SSP Sharma said.
When Shekhar deposited ₹2 lakh in the account provided, Chomal revealed further details of the data to prove the authenticity of his claims, the SSP said. Dhawan had allegedly copied all data from Vijay Shekhar’s laptop and shared it with Devendra, the police said.
According to police, the details shared by Chomal could only have been obtained by Dhawan as she was the only employee with access to these details. That is how Shekhars came to know of Dhawan’s involvement, the police said.
Police recovered a pen drive, a hard disk and four mobile phones from Devendra’s house in Shahdara village. “We have also recovered certain incriminating WhatsApp chats between Devendra and Chomal,” the SHO said.
The police said the extortion calls were made from a number with an oversees ISD code using an internet application. The police are trying to trace the IP address from which these calls originated.
A case was registered under the IPC sections 381 (theft by clerk or servant or property in possession of the master), 384 (punishment for extortion), 386 (extortion by putting a person in fear), 420 (cheating), 408 (criminal breach of trust by clerk or servant), 120B (criminal conspiracy) and sections of the IT Act, 2008.