Signzy, a popular vendor offering online “know your customer” ID verification and customer onboarding services to several top financial institutions, commercial banks, and fintech companies, has confirmed a security incident, TechCrunch can exclusively report.
The Bengaluru-based startup, which serves over 600 financial institutions globally — including the four largest Indian banks — was hit by a cyberattack last week, according to sources speaking with TechCrunch. On Saturday, Signzy told TechCrunch it was aware of the security incident but declined to elaborate.
India’s computer emergency response team, known as CERT-In, separately acknowledged to TechCrunch that it was aware of the incident and “in process of taking appropriate action with the concerned authority.”
Founded in 2015, Signzy enables onboarding for 10 million customers and businesses monthly. The startup, which has offices in New York and Dubai — in addition to its India offices in Bengaluru, Gurugram, and Mumbai — counts several major companies among its key customers, including ICICI Bank, SBI, Mswipe, and Aditya Birla Financial Services.
TechCrunch learned about the security incident from sources, including two Signzy clients, who were concerned about the alleged customer data that briefly appeared on a cybercrime forum post, which TechCrunch has seen.
PayU, another Signzy customer, said that Signzy was hit by an “information stealer malware” and asserted that it had no exposure to the incident.
“There is no impact on PayU customers or their data due to Signzy’s information stealer malware. We have received written confirmation from the vendor that PayU and its customers’ data have not been compromised and remain secure with the best security standards in place,” PayU spokesperson Dimple Mehta told TechCrunch.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
Other customers said they were unaffected. When asked by TechCrunch, ICICI Bank stated that it had no exposure to the incident.
In a statement to TechCrunch, Signzy declined to comment on whether customer data had been exfiltrated. Debdoot Majumder, a spokesperson representing Signzy, said the company had hired a “professional agency for conducting the security incident investigation.”
The startup, backed by investors, including Mastercard, Vertex Ventures, Kalaari Capital, and Gaja Capital, said it had informed its clients, regulators, and stakeholders about the security incident.
When asked if the firm had engaged with the Reserve Bank of India, the country’s central bank, Signzy said it had no communication. The central bank didn’t respond to a request for comment.
