Data Breaches

Indian Stock Broker Angel One Discloses Data Breach

Angel One says client information was compromised in a data breach involving its AWS account.

Angel One says client information was compromised in a data breach involving its AWS account.

Indian stock brokerage firm Angel One on Friday disclosed a data breach impacting client information stored in its Amazon Web Services (AWS) account.

The incident, the company said, was discovered after it received an email alert from a ‘dark web monitoring partner’ on February 27, regarding a ‘data leakage post’.

“After analyzing the post, it was ascertained that some of Angel One’s AWS resources were compromised,” the company said.

Angel One says it immediately changed the passwords for its AWS cloud and related applications, and that it retained external experts to investigate the incident, assess the scope of the data breach, and identify its root cause.

“We have verified that this breach does not have any impact on clients’ securities, funds and credentials; and all our client accounts remain secure,” the company said.

While the company has not shared details on how the data breach occurred, it appears that the attack was possible due to cybersecurity failures on Angel One’s part rather than a hack of AWS’s systems. 

Advertisement. Scroll to continue reading.

SecurityWeek has emailed AWS for a statement and will update this article if a reply arrives.

Following the data breach announcement, Angel One’s shares dropped over 11% in two days, hitting a 52-week low on Monday, March 3.

Founded in 1996, Angel One is one of the largest stock brokers in India, with a client base of over 30 million at the end of January 2025, up roughly 10 million compared to January last year.

Related: 3.3 Million People Impacted by DISA Data Breach

Related: Finastra Starts Notifying People Impacted by Recent Data Breach

Related: Personal Information Compromised in GrubHub Data Breach

Related: Hacker Behind Over 90 Data Leaks Arrested in Thailand

Related Content

Cybercrime

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

Data Breaches

The WorldLeaks extortion group claimed to have stolen 720 GB of data from the healthcare testing and laboratory services provider.

Data Breaches

Hackers exploited a zero-day vulnerability in a third-party system to access a KDDI email system for ISPs.

Data Breaches

Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data.

Data Breaches

The professional services giant says it contained the incident, remediated its source, and experienced no operational or service delivery impact.

Cybercrime

In April, ShinyHunters accessed the company’s corporate IT systems and stole patients’ personal and medical information.

Data Breaches

Hackers accessed the insurance giant’s policyholder portal multiple times between June 15 and June 25.

Data Breaches

Only a handful of the 100 organizations targeted in the PeopleSoft campaign have been confirmed.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version