A threat actor has allegedly posted on a dark web forum, claiming to possess and sell a vast amount of sensitive data from BajajCapital, one of India’s oldest fintech companies. The alleged breach, if true, could potentially impact millions of customers and the company’s internal security.
According to the post, the threat actor is allegedly offering multiple databases, customer Know Your Customer (KYC) details, insurance policy data, source code, credentials, and internal documents for sale. The stolen data reportedly includes around 2 million KYC records containing Aadhaar, PAN, and canceled cheques, along with 1 million car and bike insurance policy documents in PDF format. Additionally, the actor claims to have access to the source code of all BajajCapital projects, various third-party vendor credentials, and internal company documents.
