National Stock Exchange (NSE)

The National Stock Exchange (NSE) faced a data security breach on its mutual fund platform, as flagged by the Federation of Independent Financial Advisors (FIFA). The breach exposed a critical flaw in client data segregation, where all clients under a main broker became visible to sub-broker partners, violating confidentiality protocols. Previously, client segregation was strictly maintained, but the new system failed to enforce this, leading to unauthorized access to investor data.

Operational disruptions further compounded the issue, with transaction processing delays due to faulty integration of folio and investor identification numbers (IIN). Sub-brokers were denied login IDs, halting transactions entirely. Additional problems included restrictions on SIP/STP/redemption/switch transactions (now limited to one scheme per order), delayed SIP start dates (extended from 7 days to 1 month), and reduced validity of payment and ACH mandate links (from 48 to 24 hours).

Crucially, transaction alerts and intimations such as SIP bounces, IIN changes, approvals/rejections, and mandate updates stopped being sent to registered distributor IDs, leaving investors and advisors uninformed about critical actions. The breach and operational failures collectively risked financial fraud, reputational damage, and loss of investor trust, though no direct evidence of data theft was reported.

Source: https://m.economictimes.com/mf/analysis/nse-mutual-fund-platform-is-investor-data-safe-after-data-security-breaches/data-security-breaches/slideshow/123597794.cms

TPRM report: https://www.rankiteo.com/company/nse-it-limited

"id": "nse901090225",
"linkid": "nse-it-limited",
"type": "Breach",
"date": "8/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': ['Investors',
                                               'Sub-Brokers',
                                               'Mutual Fund Distributors'],
                        'industry': 'Stock Exchange / Mutual Funds',
                        'location': 'India',
                        'name': 'National Stock Exchange (NSE) Mutual Fund '
                                'Platform',
                        'type': 'Financial Services Platform'}],
 'data_breach': {'personally_identifiable_information': ['Investor Names',
                                                         'Folio Numbers',
                                                         'Transaction '
                                                         'Histories'],
                 'sensitivity_of_data': 'High (Financial and Personal Investor '
                                        'Data)',
                 'type_of_data_compromised': ['Client Mapping Data',
                                              'Investor Identification Numbers '
                                              '(IIN)',
                                              'Transaction Alerts']},
 'description': 'The Federation of Independent Financial Advisors (FIFA) '
                "raised concerns over the National Stock Exchange's (NSE) "
                'mutual fund platform due to data security breaches, '
                'operational disruptions, and missing transaction alerts. Key '
                'issues include incorrect client mapping (all clients under a '
                'main broker visible to sub-broker partners), delays in '
                'transaction processing due to folio and investor '
                'identification number (IIN) integration failures, and lack of '
                'intimation emails for critical alerts (e.g., SIP bounces, IIN '
                'changes, transaction approvals/rejections). Additional '
                'restrictions include single-scheme transactions (previously '
                'multi-scheme), extended SIP start dates (1 month vs. 7 days '
                'earlier), and reduced validity of payment/ACH mandate links '
                '(24 hours vs. 48 hours earlier).',
 'impact': {'brand_reputation_impact': 'High (Public disclosure by industry '
                                       'body, operational failures, and data '
                                       'privacy concerns)',
            'customer_complaints': ['FIFA (Federation of Independent Financial '
                                    'Advisors)'],
            'data_compromised': ['Client Mapping Data',
                                 'Transaction Alerts',
                                 'Investor Identification Details'],
            'identity_theft_risk': 'Potential (Due to improper client data '
                                   'segregation)',
            'operational_impact': ['Transaction Processing Delays',
                                   'Standstill in Sub-Broker Transactions',
                                   'Restricted Multi-Scheme Transactions',
                                   'Delayed SIP Start Dates',
                                   'Reduced Payment Link Validity'],
            'systems_affected': ['NSE Mutual Fund Platform',
                                 'Sub-Broker Login System',
                                 'Transaction Processing System',
                                 'Alert/Notification System']},
 'investigation_status': 'Ongoing (Publicly disclosed by FIFA; no resolution '
                         'reported)',
 'post_incident_analysis': {'root_causes': ['Improper Client Segregation in '
                                            'New Platform',
                                            'Folio/IIN Integration Failures',
                                            'Alert System Malfunction',
                                            'Policy Changes Without '
                                            'Stakeholder Consultation']},
 'references': [{'source': 'ETBureau (via IANS)'},
                {'source': 'FIFA (Federation of Independent Financial '
                           'Advisors) Note on X (formerly Twitter)'},
                {'source': 'ETMarkets.com'}],
 'response': {'communication_strategy': ['Public Disclosure via FIFA (Social '
                                         'Media Note)']},
 'stakeholder_advisories': ['FIFA Warning to Sub-Brokers and Distributors'],
 'title': 'Data Security Breach and Operational Disruptions in NSE Mutual Fund '
          'Platform',
 'type': ['Data Breach', 'Operational Disruption', 'Privacy Violation'],
 'vulnerability_exploited': ['Improper Client Segregation',
                             'Folio/IIN Integration Flaws',
                             'Alert System Failure']}