HDFC Asset Management Company has urged investors to immediately reset their passwords and stay vigilant against SIM-swap attempts following a cybersecurity breach that compromised its IT systems. Although mutual fund units and portfolio values remain secure, there is concern that investor identity and financial data might have been exposed. The breach was discovered on May 16, 2026, when an anonymous source claimed access to the company’s IT infrastructure. HDFC AMC activated its security protocols and engaged cybersecurity experts to assess the situation.
The company has informed all relevant financial regulators and secured a court order to prevent the misuse of the affected data. Under SEBI’s framework, AMCs must report critical incidents within six hours of detection. HDFC AMC has reassured investors that their investments are safe, as mutual fund units are stored independently at regulated depositories, separate from the AMC’s IT environment.
However, the breach does pose risks to investor identity, with data such as PAN, bank details, and investment history potentially exposed. Investors are advised to reset their passwords, remain cautious of unexpected communications, and monitor their accounts for unusual activity. The incident highlights the growing threat of cyber fraud in India, where high-value cybercrime cases have surged, posing significant risks to financial security and corporate reputation.
