Upstox
Company Details
Linkedin ID:
upstox
Website:
Employees number:
2,110
Number of followers:
152,714
NAICS:
52
Industry Type:
Homepage:
upstox.com
IP Addresses:
0
Company ID:
UPS_2358121
Scan Status:
In-progress
Upstox Company CyberSecurity Posture
upstox.com
Upstox is an online trading app for Demat Account, Share Market, MF, IPO with 1cr+ customers. Backed by Ratan Tata and venture capitalists such as Tiger Global, Upstox offers a best-in-class technology-enabled trading platform. Headquartered in Mumbai, Upstox holds memberships with the NSE, BSE, MCX, and MCX-SX. For more details, visit - https://upstox.com/
Upstox A.I CyberSecurity Scoring
Upstox Risk Score (AI oriented)Between 700 and 749
Upstox
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Upstox Global Score (TPRM)XXXX
Upstox
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Upstox Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Upstox
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: India’s second-largest stockbroking firm Upstox suffered a huge data security breach in April 2021. The breach exposed some data and Know-Your-Customer details of around 100,000 users and they were posted on the dark web asking for $1.2 million in ransom. The firm asked its users to resets passwords on its platform and stay alert for any suspicious activity.
Upstox Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Upstox
Incidents vs Financial Services Industry Average (This Year)
No incidents recorded for Upstox in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Upstox in 2025.
Incident Types Upstox vs Financial Services Industry Avg (This Year)
No incidents recorded for Upstox in 2025.
Incident History — Upstox (X = Date, Y = Severity)
Upstox cyber incidents detection timeline including parent company and subsidiaries
Upstox Company Subsidiaries
Upstox is an online trading app for Demat Account, Share Market, MF, IPO with 1cr+ customers. Backed by Ratan Tata and venture capitalists such as Tiger Global, Upstox offers a best-in-class technology-enabled trading platform. Headquartered in Mumbai, Upstox holds memberships with the NSE, BSE, MCX, and MCX-SX. For more details, visit - https://upstox.com/
Loading...
Upstox Similar Companies
Aegon
People are living longer, and we are excited about the possibilities this brings. We see longevity, aging, and changing life patterns as an opportunity for our customers, our employees, and society as a whole. And we want to support everyone in building the financial means to explore the possibiliti
Swedbank
Since 1820, Swedbank has been the bank for the many households and businesses. We are a modern financial services platform focused on customer satisfaction. Our goal is to encourage people to save for a better future, and we aim to help people, businesses and society to grow by promoting a healthy a
Prudential plc
In Asia and Africa, Prudential has been providing familiar, trusted financial security to people for 100 years. Today, headquartered in Hong Kong and London, we are ranked top three in 12 Asian markets with 18 million customers, around 68,000 average monthly active agents and access to over 27,000 b
Sun Life
Sun Life is a leading financial services organization dedicated to helping people achieve lifetime financial security and live healthier lives. We provide a wide range of insurance and investment products and services in key markets around the world including Canada, the United States, the United K
Wells Fargo
Wells Fargo & Company (NYSE: WFC) is a diversified, community-based financial services company with approximately $1.9 trillion in assets. Wells Fargo’s vision is to satisfy our customers’ financial needs and help them succeed financially. Founded in 1852 and headquartered in San Francisco, Wells Fa
Sanlam
We’ve finally given a name to that special something a person exudes when they have a plan for their finances. It’s called The F Factor – and now that you know its name, it’s time you feel it too. Let's unlock your financial confidence, together. Our team is online weekdays 8:30 – 16:00
First American Financial Corporation is a premier provider of title, settlement and risk solutions for real estate transactions. With its combination of financial strength and stability built over more than 130 years, innovative proprietary technologies, and unmatched data assets, the company is lea
Lloyds Banking Group
Our purpose is Helping Britain Prosper. We do this by creating a more sustainable and inclusive future for people and businesses, shaping finance as a force for good. We're part of an ever-changing industry and are currently on a journey to shape the financial services of the future, whilst support
Opening up a world of opportunity for our customers, investors, ourselves and the planet. We're a financial services organisation that serves more than 40 million customers, ranging from individual savers and investors to some of the world’s biggest companies and governments. Our network covers 58
.png)
Upstox CyberSecurity News
November 11, 2025 08:00 AM
Life Certificate for pensioners 2025: How to submit Jeevan Pramaan Patra without falling for scams
While digital tools make things simpler, a word of caution is important. Pensioners are reminded to stay alert and follow essential...
October 14, 2025 07:00 AM
Q2 results: Axis Bank, IRFC, HDFC Life Insurance, HDB Financial, L&T Finance, KEI Industries, others to post earnings; check list
Q2 results: Oil refinery Mangalore Refinery and Petrochemicals, stockbroker Angel One, concrete maker Nuvoco Vistas Corporation,...
October 06, 2025 07:00 AM
Airtel Business bags multi-year contract to build cybersecurity ecosystem for Indian Railways
The project will establish a greenfield, AI-powered, multi-layered 24x7 security framework to protect critical digital operations,...
September 29, 2025 07:00 AM
BEL bags additional orders worth ₹1,092 crore; stock gains over 8% in a month
Shares of BEL declined 2.40% over the week but gained 8.3% over the month. On a year-to-date basis, it has advanced 36.37%.
September 21, 2025 07:00 AM
TechD Cybersecurity share price: Stock rises nearly 100% on opening day; here's how much investors made per lot
TechD Cybersecurity share price: The initial share sale, with a price band of ₹183 to ₹193 per share, aimed to raise ₹38.99 crore...
September 21, 2025 07:00 AM
Upcoming IPOs this week: Seshaasai Technologies, Jinkushal Industries, Atlanta Electricals, 26 others issues to open; 9 listings scheduled; check list
Upcoming IPOs: The stock listings this week include Euro Pratik Sales, VMS TMT, iValue Infosolutions, Saatvik Green Energy, GK Energy,...
September 18, 2025 07:00 AM
Apollo Micro Systems enters into MoU with Sibersentinel Technologies, Zoom Technologies
This strategic partnership aims to combine the company's domain expertise in defence-grade electronic systems with Sibersentinel...
September 17, 2025 07:00 AM
TechD Cybersecurity IPO subscribed over 600 times so far on day 3; check allotment date and steps
Steps to check TechD Cybersecurity IPO allotment status on Purva Sharegistry India · Visit the registrar Purva Sharegistry's IPO status page:...
September 17, 2025 07:00 AM
TechD Cybersecurity IPO allotment: How to check status online on NSE, Purva Sharegistry after 700x subscription
TechD Cybersecurity IPO allotment: The Vijay Kedia-backed firm, which had set a price band of ₹183 to ₹193 per share, sought to raise ₹38.99...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Upstox CyberSecurity History Information
Official Website of Upstox
The official website of Upstox is http://www.upstox.com.
Upstox’s AI-Generated Cybersecurity Score
According to Rankiteo, Upstox’s AI-generated cybersecurity score is 738, reflecting their Moderate security posture.
How many security badges does Upstox’ have ?
According to Rankiteo, Upstox currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Upstox have SOC 2 Type 1 certification ?
According to Rankiteo, Upstox is not certified under SOC 2 Type 1.
Does Upstox have SOC 2 Type 2 certification ?
According to Rankiteo, Upstox does not hold a SOC 2 Type 2 certification.
Does Upstox comply with GDPR ?
According to Rankiteo, Upstox is not listed as GDPR compliant.
Does Upstox have PCI DSS certification ?
According to Rankiteo, Upstox does not currently maintain PCI DSS compliance.
Does Upstox comply with HIPAA ?
According to Rankiteo, Upstox is not compliant with HIPAA regulations.
Does Upstox have ISO 27001 certification ?
According to Rankiteo,Upstox is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Upstox
Upstox operates primarily in the Financial Services industry.
Number of Employees at Upstox
Upstox employs approximately 2,110 people worldwide.
Subsidiaries Owned by Upstox
Upstox presently has no subsidiaries across any sectors.
Upstox’s LinkedIn Followers
Upstox’s official LinkedIn profile has approximately 152,714 followers.
NAICS Classification of Upstox
Upstox is classified under the NAICS code 52, which corresponds to Finance and Insurance.
Upstox’s Presence on Crunchbase
No, Upstox does not have a profile on Crunchbase.
Upstox’s Presence on LinkedIn
Yes, Upstox maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/upstox.
Cybersecurity Incidents Involving Upstox
As of December 08, 2025, Rankiteo reports that Upstox has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Upstox has an estimated 30,182 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Upstox ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Upstox detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with password reset, and communication strategy with user advisories to stay alert for suspicious activity..
Incident Details
Can you provide details on each incident ?
Title: Upstox Data Breach
Description: India’s second-largest stockbroking firm Upstox suffered a huge data security breach in April 2021. The breach exposed some data and Know-Your-Customer details of around 100,000 users and they were posted on the dark web asking for $1.2 million in ransom. The firm asked its users to reset passwords on its platform and stay alert for any suspicious activity.
Date Detected: April 2021
Type: Data Breach
Motivation: Financial
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach UPS92718422
Data Compromised: Know-your-customer details
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Know-Your-Customer Details and .
Which entities were affected by each incident ?
Incident : Data Breach UPS92718422
Entity Name: Upstox
Entity Type: Stockbroking Firm
Industry: Finance
Location: India
Customers Affected: 100,000
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach UPS92718422
Containment Measures: Password reset
Communication Strategy: User advisories to stay alert for suspicious activity
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach UPS92718422
Type of Data Compromised: Know-your-customer details
Number of Records Exposed: 100,000
Sensitivity of Data: High
Data Exfiltration: Yes
Personally Identifiable Information: Yes
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by password reset and .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Data Breach UPS92718422
Ransom Demanded: $1.2 million
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through User Advisories To Stay Alert For Suspicious Activity.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach UPS92718422
Customer Advisories: Asked users to reset passwords and stay alert
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Asked Users To Reset Passwords And Stay Alert and .
Additional Questions
General Information
What was the amount of the last ransom demanded ?
Last Ransom Demanded: The amount of the last ransom demanded was $1.2 million.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on April 2021.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Know-Your-Customer details and .
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Password reset.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Know-Your-Customer details.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 100.0K.
Ransomware Information
What was the highest ransom demanded in a ransomware incident ?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was $1.2 million.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Asked users to reset passwords and stay alert.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected by this vulnerability is an unknown functionality of the file /dishsub.php. The manipulation of the argument item.name results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 3.3
Severity: LOW
AV:N/AC:L/Au:M/C:N/I:P/A:N
cvss3
Base: 2.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 4.8
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability has been found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected is an unknown function of the file /usersub.php of the component Request Pending Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 4.0
Severity: LOW
AV:N/AC:L/Au:S/C:N/I:P/A:N
cvss3
Base: 3.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.1
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A flaw has been found in Verysync 微力同步 up to 2.21.3. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administration Module. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=upstox' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
