Email accounts of 11 Sebi officials hacked, FIR registered: Police
“As many as 34 emails were sent to various accounts from these official IDs,” a police officer said. Police suspect that the accused used the official SEBI accounts to steal some confidential information about the recipients of the emails.
The Securities and Exchange Board of India (SEBI) has approached police alleging that some unknown persons had allegedly hacked into the official email accounts of its 11 employees and sent 34 emails from them. SEBI officials, however, said no sensitive data was stolen.
On May 23, Varunkumar Kishan Gopal, an assistant manager with IT department of SEBI’s head office in Bandra-Kurla Complex (BKC), received a complaint from ISD manager Abhijit Chandrakant.
Chandrakant suspected that his official email ID was accessed by unknown persons, and emails were sent from it. When Gopal checked the disaster recovery site of SEBI, he found that the email accounts of 11 officials were hacked.
“As many as 34 emails were sent to various accounts from these official IDs,” a police officer said.
Police suspect that the accused used the official SEBI accounts to steal some confidential information about the recipients of the emails.
“The emails sent to the recipients had a link. The accused could perhaps obtain the information once the recipients clicked the link,” Gopal said.
Various mitigation measures were immediately taken like informing CERT-IN, strengthening the required security configuration of the system, etc, officials said.
“It was a small incident. CERT-IN is fully in the loop. No sensitive data was lost. The root cause of the problem has been diagnosed and fixed,” Hariharan N, chief general manager, SEBI, said.
A case under section 419 (punishment for cheating by personation) of Indian Penal Code and under sections like 43 A (compensation for failure to protect data) and 66C (punishment for identity theft) of the Information Technology Act, 2000, was registered at BKC police station on Friday.