Nine Biggest Data Breaches in India That Occurred in 2019-21
India has seen a spiked graph of cybersecurity incidents for the past couple of years. Over 3 million data breach cases were reported in 2019 alone. On top of that, cyber-attacks cost Indian companies around 165 million rupees in the first half of 2021. Here are some of the biggest data breaches in India that affected many industries between 2019 and 2021.
1. Air India Cyber Breach
Date: May 2021
Impact: Over 4.5 million passengers’ data was compromised.
Incident Overview: The airline company formally announced that its customer database had suffered a massive security breach. As per reports, the personal details of 4.5 million customers around the world were leaked including passport, credit card details, DOB, name, and ticket information. In Feb 2021, Air India’s data processor, SITA (a Swiss technology known for offering passenger processing and reservation system services) reported the company about the data breach. Read more about the incident by clicking the link.
2. Domino’s Data Breach
Date: April 2021
Impact: Information about more than 180 million orders of Domino’s India was made available on the dark web.
Incident Overview: This is one of the unusual data breaches in India. Jubilant FoodWorks, the parent company of Domino’s said that the company experienced a security incident. But denied the financial information of its customers being leaked. As per the news, hackers created a web page on the dark web where customers’ information such as name, mobile number, email ID, and GPS data had been leaked. The data including 250 employees’ information was publicly available. Click on the link to know more about the data breach.
3. Upstox Cyber Security Breach
Date: April 2021
Impact: KYC data of around 25 Lakh customers was exposed
Incident Overview: The Indian online stock trading platform acknowledged that it experienced a cyber breach. And, KYC information of its customers was made public on the dark web. After the security incident, the company wrote warning emails to customers saying about the data breach and that they need to immediately change their password. Later, Upstox apologized to its customers and confirmed that their funds and shares were safe.
4. Police Exam Applicants’ Data Leak
Date: February 2021
Impact: PII of 500,000 candidates who applied for the Police exam was leaked
Incident Overview: News reports say about this data breaches in India that the Personal Identifiable Information (PII) of 5 lakh applicants was on sale on a database-sharing forum. The bio-data of the candidates such as name, DOB, mobile number, email ID, FIR records, criminal history, etc. were exposed.
5. Covid-19 Lab Test Results Gone Public
Date: January 2022
Impact: Data of over 20,000 people were put up for sale on Raid forums
Incident Overview: Hackers took control of the government server and managed to get access to thousands of people’s personal data including names, mobile numbers, addresses, Covid-19 test results, etc. This is one of the biggest data breaches in India as cyber criminals were able to get into a govt server. Plus, cyber security researcher Rajshekhar Rajaharia tweeted about the incident that the PII information was made public through a content delivery network (CDN).
6. Juspay Data Breach
Date: January 2021
Impact: 35 million customers’ card data was put on the dark web for sale
Incident Overview: The online mobile-based payment platform, Juspay suffered a massive cyber breach. Sources revealed that masked card data and card fingerprints of about 35 million customers were hacked. In fact, hackers get into the server through an unrecycled access key. As per reports, hackers initially demanded $8000 and later settled for $5000 for the Juspay data dump.
7. Unacadamy Cyber Security Breach
Date: May 2020
Impact: Around 22 million users’ data were leaked on the dark web
Incident Overview: The Bangaluru-based Edu tech start-up company, Unacadamy was one of the worst hit data breaches in India. Its services were put on the dark web for sale by hackers. Data including user names, email addresses, passwords, joining date for the program, last log-in data, etc were leaked. As a matter of fact, the initial report on the case says that 11 million users’ data were compromised and set for a $2000 sale.
8. JustDial Security Breach
Date: April 2019
Impact: PII of around 100 million users of local businesses was breached
Incident Overview: JustDial is an online local search platform that provides information about nearby businesses. Reports reveal that JustDial was at risk after an Application Programming Interface (API) was left unprotected for over a year. Then, in March 2020, the company’s data was exposed again.
9. SBI Data Breach
Date: January 2019
Impact: Over 9 million cardholders’ data was leaked
Incident Overview: SBI, the leading banking industry, left its server without any password protection. This is considered to be one of the biggest data breaches in India as the financial information of more than 90 lakh cardholders was exposed to hackers. Furthermore, the data included sensitive Personal Identifiable Information (PII) information such as SSN, card details, CVV, and other financial data.
From the above data breaches in India, it’s clear that an industry of any business size could fall victim to cyber-attack. Moreover, the serious concern is that in every case sensitive data of people were at stake. Though, the government of India is taking steps to stop data breaches by bringing a new Data Protection Bill. But, it’s also the responsibility of company stakeholders to opt for Managed Cyber Security Services and secure their IT infrastructure before it’s too late.