Biggest cyber breaches in India

List of cyber breaches in India

Here are some of the biggest recent data breaches in India that have made headlines:

1. Personal information data leak (2018)

One of India's largest data breaches involved a government statutory body. In 2018, reports surfaced that the personal information of over 1.1 billion Indians was exposed due to a security lapse. Sensitive details such as names, addresses, phone numbers, etc., were allegedly accessible online for as little as ₹500.

Impact of the breach

• Exposed personal data of nearly the entire Indian population
• Increased risk of identity theft and fraud
• Raised questions about the security of the country’s digital identity infrastructure

Measures taken

• The government body denied any breach but later strengthened security protocols
• Calls for better data protection laws increased after the breach

The breach highlighted the risks of centralised data storage and inadequate cybersecurity measures.

2. Popular restaurant chain data breach (2021)

In 2021, a popular restaurant chain was the victim of a massive data breach, with about 180 million order details leaked online. The exposed data included customer names, phone numbers, email addresses, delivery addresses, and even payment details.

How it happened

• Hackers exploited a vulnerability in the database
• Data was leaked and put up for sale on the dark web
• Cybercriminals used the stolen information for phishing attacks and scams

Response from the chain

• The company acknowledged the breach but assured that financial details remained safe
• Strengthened data security measures after the incident
• Customers were advised to change passwords and remain cautious

This incident was a wake-up call for businesses relying on online transactions without adequate cybersecurity measures.

3. Cyberattack on airline (2021)

One of India's most alarming cyber breaches occurred in 2021 when an airline suffered a major security lapse. Hackers stole the personal data of about 4.5 million passengers, including names, passport details, credit card information, and ticket data.

How did it happen?

• The breach was linked to a third-party IT service provider for airlines
• Hackers exploited vulnerabilities in data storage systems
• Affected customers were notified months after the attack

The consequences

• Increased risk of identity theft and travel fraud
• Loss of customer trust in the airline’s data security practices
• Raised concerns about outsourcing data storage and cybersecurity in the aviation industry

4. Payment gateway data breach (2020)

A popular payment processing company suffered a breach in 2020 that exposed the data of over 100 million users. While the company claimed that only masked card data was leaked, security researchers found that email addresses, phone numbers, and card fingerprints were compromised.

Why this matters

• The company processes transactions for major companies
• Exposure of masked card data still poses risks through social engineering attacks
• The breach raised concerns about third-party payment security in India

Steps taken post-breach

• The company enhanced data encryption protocols
• Improved monitoring systems for unauthorised access
• Increased transparency in data breach reporting

5. Public sector bank data leak (2019)

A public sector bank suffered a data leak in 2019 when an unprotected server exposed millions of customer details. The compromised data included bank balances, account numbers, and transaction details.

Implications of the leak

• Exposed sensitive financial information of customers
• Increased risk of banking fraud and unauthorised transactions
• Highlighted weaknesses in banking security

Bank’s remedial actions

• Secured the exposed server immediately after discovery
• Strengthened encryption protocols for customer data
• Increased cyber awareness training for employees

6. Broking firm security breach (2021)

A stock trading platform suffered a data breach in 2021, affecting 2.5 million users. The breach exposed sensitive financial information, including PAN card details, email addresses, and contact numbers.

Why this is critical

• Stock trading platforms store high-value financial data
• Cybercriminals can use stolen PAN details for financial fraud
• Users were at risk of identity theft and phishing scams

Firm’s response

• Strengthened firewalls and security protocols
• Alerted customers and advised them to update passwords
• Assured that banking details remained secure

7. Food brand ransomware attack (2020)

One of India’s largest food brands was hit by a ransomware attack in 2020. Hackers infiltrated their internal systems and encrypted crucial data, demanding a ransom in exchange for restoring access.

What happened?

• Cybercriminals used ransomware to lock access to company data
• A ransom was demanded for decryption keys
• The company’s operations were temporarily disrupted

Lessons learnt

• Ransomware is a growing threat to Indian businesses
• The need for regular data backups and cybersecurity training
• Importance of having cyber insurance to mitigate financial losses

Conclusion

The rise in major cyber attacks in India is a wake-up call for businesses and individuals to prioritise cybersecurity. With increasing online transactions and digital dependence, ensuring robust security measures is essential.

Also, companies should invest in cyber liability insurance coverage to protect against financial losses due to cyber threats. Staying informed and adopting preventive measures can help mitigate risks and safeguard sensitive data.