KYC Details compromised with CVLKRA


Hi, few days back i got a mail from CVL KRA that says

" We wish to inform you that your PAN AXXXXXX2Z has been fetched by SUNDARAM BNP PARIBAS FUND SERVICES LTD - SUNDARAM ASSET MANAGEMENT COMPANY LIMITED. Please contact SUNDARAM … LIMITED for any queries.

If you are not conducting business through this intermediary, kindly get in touch with CVL-KRA helpdesk at 022-61216969 or mail at"

But I have nothing to do with this company,

Did someone else also receive such email?

Can anyone please tell me why I received this email and what can be the consequences? I’m worried as it says an intermediary is required to fetch the record from the KRA system when a client opens an account or transacts through the said intermediary. Does this mean data is being compromised? Is there anything to be worried of?
Please tell if anyone else also received such email and what does it mean.


Sundaram Mutual Fund asked for your KYC details, maybe because you opened a Mutual Fund account with them. Anyway, the mail tells you to contact them if you have any concern about it, so have you done that?


It is normal process when you apply to a new AMC online or in paperless mode. They retrieve your data from CVL which is KYC Registration Agency (KRA).


Thanks @zomby for the info you’ve provided, but I haven’t applied to this AMC . Why should they retrieve my data from CVL ?


That is really worrisome. You should contact AMC to know why they retrieved that data (unauthorised). Also speak to CVL-KRA to know why this happened.


Thanx @Happy_Cats for the info, but i didn’t opened a Mutual Fund account with them, so why did they asked for my KYC details? I didn’t get any clear and satisfactory reply with them.


@zomby CVL KRA person tried to explain it as normal and happens with many others too, but i’m not sure if it is?


Nothing to worry.
Somebody else must have put in your pan card no erroneously, so to verify if right pan card no is given, amc must fetch the data and tally with the info in filled form.
As both must not have matched, the application must have been rejected.
Now instead of pan, if somebody put in your uid, then there is one additional step of otp to avoid 3rd parties to access aadhar data. So the application would have been rejected even before the data fetch.
But this not the case with pan.

Still you can and must follow up the whole matter with amc.


Thnx @maddy_Des for the info provided, but are you really sure ? That way anyone with someone’s PAN no can access their details. To support this possibility you said, has this or similar ever happened with you or anyone you heard of ?


Earlier Railways made id compulsory for reservations. Then they started pasting passenger lists on train coaches along with the id no provided . Some people would go and copy name and id card (in many cases pan card) and misuse.
Anyways it is well known that pan data is not that securely protected.
Still it is only appropriate if you take some time and pains to follow this up with them. Just ask them “How my data got accessed?” and “you yourselves have asked me to contact in case it is not me” etc.


Thnx @maddy_Des, this info was really helpful; their justification was not clear and seemed biased towards defending themselves.