Indian stock brokerage firm Angel One on Friday disclosed a data breach impacting client information stored in its Amazon Web Services (AWS) account.
The incident, the company said, was discovered after it received an email alert from a ‘dark web monitoring partner’ on February 27, regarding a ‘data leakage post’.
“After analyzing the post, it was ascertained that some of Angel One’s AWS resources were compromised,” the company said.
Angel One says it immediately changed the passwords for its AWS cloud and related applications, and that it retained external experts to investigate the incident, assess the scope of the data breach, and identify its root cause.
“We have verified that this breach does not have any impact on clients’ securities, funds and credentials; and all our client accounts remain secure,” the company said.
While the company has not shared details on how the data breach occurred, it appears that the attack was possible due to cybersecurity failures on Angel One’s part rather than a hack of AWS’s systems.
SecurityWeek has emailed AWS for a statement and will update this article if a reply arrives.
Following the data breach announcement, Angel One’s shares dropped over 11% in two days, hitting a 52-week low on Monday, March 3.
Founded in 1996, Angel One is one of the largest stock brokers in India, with a client base of over 30 million at the end of January 2025, up roughly 10 million compared to January last year.
Related: 3.3 Million People Impacted by DISA Data Breach
Related: Finastra Starts Notifying People Impacted by Recent Data Breach
Related: Personal Information Compromised in GrubHub Data Breach
Related: Hacker Behind Over 90 Data Leaks Arrested in Thailand