By Fiona Mehta
On May 23 2022, Abhijit Chandrakant, the ISD manager, filed a complaint with Varunkumar Kishan Gopal, an assistant manager with the IT department of SEBI’s head office in Bandra-Kurla Complex (BKC). Chandrakant suspected that his official email ID had been accessed by unauthorized parties and that emails had been sent from it. When Gopal checked the disaster recovery site of SEBI, he discovered that 11 officials’ email accounts had been hacked.
The Securities and Exchange Board of India (SEBI) announced that it had reported a cyber security incident that it had discovered on its email system. The capital markets regulator did emphasize, though, that no sensitive information was taken.
In a statement, the regulatory body said that a cyber security incident had recently been discovered on the Securities and Exchange Board of India’s (Sebi) email system, which was undergoing a system upgrade. As a result, a FIR (First Information Report) has been registered in accordance with the applicable legal provisions.
They learnt that some miscreants illegally gained access to 11 official email id accounts of 11 SEBI officials and used them to send 34 emails. All the emails were sent between 8.42 pm to 9.13 pm on May 23. Based on the complaint, an FIR has been registered under Sections 419 (impersonation for cheating) of the Indian Penal Code, Section 43 A (accesses or secures access to such computer, computer system or computer network) and 66 C (identity theft) of the Information and Technology Act.
Sebi also stated that a number of immediate mitigating steps had been taken in response to the cyber security event, including, among other things, notifying CERT-IN in accordance with standard operating procedure and tightening the system’s necessary security configuration. Notably, CERT-In serves as the national nodal organisation for responding to issues involving computer security as they arise.
The market regulator said that it monitors its detection and prevention systems and has taken additional measures post-incident to tighten the security procedures for the implementation and migration activities.
In a related move, Sebi has mandated the attachment of a person’s bank accounts, shareholdings, and mutual fund holdings in order to collect around 18 crore in the Shree Ramkrishna Electro Controls Ltd. case. Following the company’s sale of redeemable cumulative preference shares (RCPS) to investors, Chandrakant Bhargav Gole was ordered to pay back the sum of 5.74 crore plus 15% interest annually, or 12.53 crore, according to a notice attached by Sebi on Thursday. During the pertinent time, Gole served as managing director of Shree Ramkrishna Electro Controls Ltd (SRECL).