Online lender EarlySalary admits data breach of loan applicants

Online lender EarlySalary admits data breach of loan applicants
Photo Credit: Photo Credit: Thinkstock
5 Oct, 2018

Pune-based online lender EarlySalary, which acquired instant customer loan firm CashCare in May, has said names and mobile numbers of applicants have been leaked in a security breach that did not impact its customers.

The company, in a blog post, added that the vulnerability had been patched. “The database credentials have been changed, and additional security blocks have been placed on the EarlySalary website. We are working with law-enforcement agencies to identify the IP (internet protocol) source for this incident,” the firm said, adding it was making its databases compliant with Payment Card Industry Data Security Standard.

EarlySalary was founded by Akshay Mehrotra and Ashish Goyal in 2015. The startup offers a mobile app that allows salaried individuals to avail of instant loans for an average tenure of 30 days or till salary arrives.

This year, financial institutions in India have come under attack from hackers and fraudsters.

In August, cyber criminals hacked the systems of Pune-based Cosmos Bank and siphoned off nearly Rs 94.4 crore ($13.5 million) through simultaneous withdrawals across 28 countries over the weekend.

The co-operative bank said unidentified hackers stole customer information through a malware attack on its automated teller machine (ATM) server, withdrawing Rs 80.5 crore in 14,849 transactions in just over two hours.

Apart from the ATM withdrawals, the hackers transferred Rs 13.9 crore to a Hong Kong-based company's account by issuing three unauthorised transactions over the SWIFT global payments network, the bank said in a police complaint.

A couple of days after the hack was reported, retail payments watchdog National Payments Corporation of India (NPCI) issued an advisory note asking banks to take a series of measures to protect themselves against fraud.

In February, India's City Union Bank Ltd reported it had suffered three fraudulent remittances of nearly $2 million that had been pushed through the SWIFT financial platform.

In 2016, unknown hackers stole more than $81 million from the Bangladesh central bank's account with the Federal Reserve Bank of New York.


In January, EarlySalary had raised Rs 100 crore ($15.7 million) in a Series B round led by Eight Roads Ventures India. Existing investors IDG Ventures India, Dewan Housing Finance Corp. Ltd (DHFL) and Ashok Agarwal, director of forex and money transfer services firm Transcorp International Limited, had also participated in the round.

The company had said that it would use these funds to expand its operations and target a disbursal of 100,000 monthly loans by the end of 2018. Going by the firm’s spokesperson, EarlySalary back then disbursed 14,000 to 14,500 loans per month.

Last year, the company raised funds through a mix of equity and debt. In May last year, it raised $4 million in its Series A round led by IDG Ventures India and DHFL. In September 2017, it raised Rs 5 crore ($780,675) in debt from IFMR Capital.