Indian payments firm MobiKwik on Tuesday said it will get an independent forensic audit but assured customers their information was safe after allegations emerged of a breach that exposed the data of millions of its users.

An Indian security researcher last month flagged on Twitter that data of 110 million MobiKwik customers had been leaked from the company’s servers.

MobiKwik denied the claim on March 4, saying it did not find any security lapses, adding that its legal team would take “strict action against this so-called researcher”.

After several other users said the leak seemed genuine, MobiKwik on Tuesday said it is probing the matter.

“The company is closely working with requisite authorities, and is confident that security protocols to store sensitive data are robust and have not been breached,” MobiKwik said in a statement. “Considering the seriousness of the allegations, and by way of abundant caution, it will get a third party to conduct a forensic data security audit”.

MobiKwik also said users could have uploaded their data on several platforms and it was incorrect to say their information visible on the darkweb was accessed from the payments company.

Based on the outskirts of Indian capital New Delhi, MobiKwik counts India’s Bajaj Finance, U.S. venture fund Sequoia Capital and South Africa’s Net1 as it backers.

It provides digital payments services to customers, competing with Alibaba-backed Paytm and Walmart’s PhonePe.