CDSL detects malware, puts off settlements

MUMBAI: Central Depository Services (CDSL), the largest depository in India in terms of demat accounts, said late on Friday that it had detected malware in some of its computers. CDSL added that it had immediately isolated its systems from other constituents of the capital markets. Subsequently, its website was down and showed DNS (1016) error. CDSL also informed the NSE that there was a delay in trade settlement. “Earlier (on Friday), CDSL detected malware in a few of its machines. As a matter of abundant caution, (it) immediately isolated the machines and disconnected itself from other constituents of the capital markets,” it said in a notice on the NSE. CDSL is listed only on the NSE. “According to initial findings, there is no reason to believe that any confidential information or investor data has been compromised. The CDSL team has reported the incident to the relevant authorities and is working with its cybersecurity advisers to analyse the impact. Resolution of the incident is in process, subsequent to which settlement activities would be completed,” the notice said. A systems engineer with a market-related entity TOI spoke to said that it was unusual for the CDSL website to also go offline. “Usually, during such incidents, at least some parts are kept operational from the DR (disaster recovery) site,” the IT personnel said. CDSL, affiliated to the BSE, emerged as the largest depository ahead of NSDL during the Covid pandemic years as tech-driven discount brokers acquired customers at a high speed. CDSL, being the lower-cost depository compared to NSDL, is preferred by most discount brokerages over its older rival.