CDSL malware attack hits broking ops; Sebi, Cert-in to probe incident

Trade-related activity and back-end operations at brokerages were disrupted due to a malware attack at the country’s largest depository, Central Depository Services (India) (CDSL).

Several brokerages informed their clients about disruptions in timelines as CDSL “isolated the machines and disconnected itself from other constituents of the capital market”.

“Pledge and unpledge requests are not processed today (Friday). These requests will be processed on Monday, 21st November 2022. Gift requests are not processed, and clients can reinitiate gift requests on Monday (November 21). The settlement process also could be delayed. Mutual fund redemptions on Coin may also be affected. The holdings and P&L values are not updated for trades done on November 18. It will be updated by Monday,” Zerodha, the country’s largest brokerage, wrote in a blog post late Friday.

Late on Sunday night CDSL informed the exchanges that their systems were live after due checks and validations.

"The systems are functional to carry out depository activities. In co-ordination with the other Market Infrastructure Institutions (MIIs), the pending settlement related activities pertaining to the business bay - Friday, November 18, 2022, have been successfully completed," said CDSL.

Industry sources said settlement activities, pay-ins and pledging activities were completed with a delay.

Discount broker 5Paisa’s CEO Prakarsh Gagdani shared that settlements were under process on Sunday.

Meanwhile, market regulator Securities and Exchange Board of India (Sebi) and Indian Computer Emergency Response Team (Cert-in), a nodal agency to deal with cyber security threats, will soon examine the details provided by CDSL of the malware attack. This is being done to assess the level of threat and sanitise other market participants from similar attacks, said people in the know.

CDSL, a key market infrastructure institution (MII), handles close to 75 million demat accounts having assets of Rs 3.95 trillion. The only other depository, NSDL, handles fewer demat accounts at nearly 30 million but has assets under custody of Rs 320 trillion. CDSL has more retail broking clients.

Regulators are also probing if any confidential information or investor data has got compromised due to the attack. CDSL’s initial finding said “there is no reason to believe” so.

However, more information on the malware attack and its impact are awaited from the depository.

Cyber experts said most malware attacks are ransomware attacks or state-sponsored threats. CDSL had earlier said that it had reported the incident to the authorities.

Sebi mandates reporting of cyberattacks or threats immediately and also on a quarterly basis for stock brokers and depository participants.

Meanwhile, CDSL’s website resumed functioning late night on Saturday after being down since Friday.

Brokering industry players said the disruption caused by the malware attack could have been more adverse if not for the weekend.

“Thankfully it was Saturday and Sunday that gave time for settlements. We are now in a position to settle all obligations. All MIIs worked hard on it and there was excellent cooperation by members,” said Kamlesh Shah, president, Association of National Exchanges Members of India (ANMI), a brokers’ lobby.

Sebi has also been proactive about measures to safeguard against cyberattacks. The market regulator has mandated that MIIs, registrars to an issue and share transfer agents, KYC registration agencies, and top broking companies submit their annual security audit reports and compliance reports to Sebi for detailed analysis.

Cyber security experts and audit firms said that post-Covid-19, incidents of cyber security breaches have increased manifold and many companies were now getting quarterly cyber audits. The annual spend on cyber security has also increased to 8-9 per cent of the total IT budget of companies.

Cyber Scare

• Several brokerages informed clients about timeline disruptions as CDSL ‘isolated the machines and disconnected itself from other constituents of the capital market’
• Settlement activities, pay-ins and pledging activities were completed with a delay, said sources
• Sebi and Cert-in will soon examine details provided by CDSL of malware attack; will assess the level of threat and sanitise other market participants from similar attacks
• CDSL handles close to 75 mn demat accounts having assets of Rs 3.95 trillion
• CDSL website resumed functioning late night on Saturday after being down since Friday