Online ID Verification Startup Signzy Discloses Security Incident Affecting Customers in India

• Indian Fintech firm Signzy announced its systems suffered a security breach, possibly impacting customer data.
• Besides acknowledging the intrusion, Signzy did not disclose details on the nature and scope of the incident.
• ICICI Bank, SBI, Mswipe, Aditya Birla Financial Services, and global firms like PayU are on the company’s client list.

Signzy, a prominent Bengaluru-based startup specializing in “know your customer” (KYC) ID verification and customer onboarding services, has acknowledged a security incident and confirmed the event but provided limited details about the breach.

The security breach reportedly occurred last week and could involve the exposure of customer data that surfaced briefly on a cybercrime forum, according to a report by TechCrunch. Signzy declined to specify whether any customer data had been compromised or exfiltrated.  

India’s computer emergency response team, CERT-In, confirmed awareness of the incident but stated only that it was preparing to take action with the authorities. Signzy has since hired a professional cybersecurity investigation team to determine the extent and impact of the breach, though the company has not disclosed any findings yet. 

Signzy’s services are widely used for onboarding approximately 10 million customers and businesses monthly. Key clients include financial heavyweights such as ICICI Bank, SBI, Mswipe, Aditya Birla Financial Services, and global firms like PayU. 

Founded in 2015, the company operates from offices in key locations, including Bengaluru, New York, and Dubai, and provides digital onboarding solutions to banks and NBFCs via its no-code platform.

Representatives also stated that all clients, regulatory bodies, and relevant stakeholders had been informed. However, the company noted that there was no direct engagement with the Reserve Bank of India (RBI).  

ICICI Bank and other clients asserted they had suffered no exposure due to the incident. Similarly, a spokesperson for PayU, another Signzy client, confirmed that the company had been impacted by “information stealer malware” but assured that PayU and customer data remained unaffected.  

While Signzy has not elaborated on how the breach occurred, its engagement with professional investigators and its communication with stakeholders signal an effort to restore trust. The startup has received backing from key investors such as Mastercard, Vertex Ventures, Kalaari Capital, and Gaja Capital, reinforcing its pivotal position in the financial technology sector.

In July, India's largest health insurer, Star Health, suffered a data breach that reportedly resulted in the exfiltration of 31.2 million datasets and the sale of customer details via Telegram chatbots.