OFFICIAL EMAIL The credentials of 11 Securities and Exchange Board of India (SEBI) officials were compromised by an unknown person, who used them to send 34 emails in May. Based on a complaint from a SEBI official, an FIR was filed on July 16 and further investigation is ongoing.
The complainant is an assistant director in SEBI’s IT department, which handles the regulator’s cybersecurity. On May 24, an official from the regulator informed the complainant that his official email id had been used by an unknown person on May 23 to send an email to someone who works in a private company. The manager claimed that someone had illegally accessed his email account and sent the email, following which the IT department conducted an internal investigation.
They learned that some disbelievers had illegally gained access to 11 official email ID accounts of 11 SEBI officials and used them to send 34 emails. All emails were sent between 8:42 p.m. and 9:13 p.m. on May 23.
The plaintiff told police that the unknown defendant “stole SEBI’s electronic data and impersonated SEBI officials to send the emails and defamed SEBI.” Based on complaint. an FIR has been registered under Sections 419 (Impersonation for Cheating) of the Indian Penal Code, Section 43 A (Access or secure access to this computer, computer system or computer network) and 66 C ( impersonation) of the Information Technology Act.
When asked why SEBI took over a month to file a complaint, an officer from the Bandra Kurla Complex (BKC) Police Station said: “They conducted an internal investigation and after finding that their IDs email had been hacked, they decided to file a complaint. ”
An official SEBI spokesperson said: ‘It was a small incident. CERT-IN is fully in the loop. No sensitive data was lost. The root cause has been diagnosed and corrected. Prevention for the future has been fully implemented.
A press release issued by the regulator on the incident reads: “A cybersecurity incident was noticed on SEBI’s email system, which was being upgraded. Various measures to mitigation were immediately taken in response to said cybersecurity incident, including notifying CERT-IN in accordance with standard operating procedure, strengthening system security requirements, etc. SEBI continuously monitors its detection and prevention and took additional steps after the incident to reinforce security procedures.