Getting hacked is the new normal is a truism which is getting more and more accepted as the time passes and breaches keep happening at an alarming regularity. The cyber security stance remains the same but for lip service to start with or the best a very minimal security, which the concerned vendor would decide. Cyber security has become a capital cost issue besides being an expertise which the business owner needs to know, at least the functional side. The pattern of information flow also remains the same. The recent attack on Oracle and the company response have both been typically copybook approaches.
Think of the amount of time Oracle took just to accept it. Mostly it was forced into it. Back home the Nippon Mutual Fund website has been down since a cyber attack on the 9th of April 2025. The website, without getting into the reasons for it, states in a very bland way; if you invest directly through Nippon’s website, you won’t be able to log in to your account for now. The funds can be accessed through the MFU platform or by logging in to Kfintech. We are facing technical issues. What is the shame in calling a breach a breach. What a way to inform your own customers of a hack and that too most likely about their information.
This is the fate of Nippon Life India Asset Management Ltd, India’s largest mutual fund by way of number of investors. When did the attack happen? The cyber attack hit the company’s IT infrastructure on the 9th of April. As on 17th October, the home page was accessible but the login page was not. What fate the customer / investor has to live with for no fault of his? The incident was reported in an exchange filing on 10th of April 2025. The company took necessary action, as soon as this news was made unknown to me. The company in the filing further said, “we have taken the necessary steps to investigate and respond to the incident, including shutting down affected systems.”
The customer / investor is left to the mercy of the Gods, and he is also to understand what such public utterances mean. Another oft repeated approach to make the customer comfortable is to announce, that this company is working with leading cyber security experts to support our investigation and identify the extent of the issue and remedial action as necessary. The company hides under these generic supposedly legal messages. They would also claim that no data is compromised and try to mix it up or mess it up with maintenance. The IT systems remain inaccessible for long periods of time, but there is no one to tell you the real story, the safeguards and how to go about it. Undeniably, the the customer is at much greater risk.
CREATING A SMOKESCREEN OUT OF A CYBER ATTACK FOR SHORT TERM PEACE IS MAKING THE CYBER SECURITY SCENARIO MUCH WORSE.
Sanjay Sahay
Have a nice evening.