Nine Biggest Data Breaches in India That Occurred in 2019-21

Written By Sambita Panigrahy  
Anuraag Singh
Approved By Anuraag Singh 
Published On April 21st, 2023
Reading Time 5 Minutes Reading

India has seen a spiked graph of cybersecurity incidents for the past couple of years. Over 3 million data breach cases were reported in 2019 alone. On top of that, cyber-attacks cost Indian companies around 165 million rupees in the first half of 2021. Here are some of the biggest data breaches in India that affected many industries between 2019 and 2021.

data breaches in india

1. Air India Cyber Breach

Date: May 2021

Impact: Over 4.5 million passengers’ data was compromised.

Incident Overview: The airline company formally announced that its customer database had suffered a massive security breach. As per reports, the personal details of 4.5 million customers around the world were leaked including passport, credit card details, DOB, name, and ticket information. In Feb 2021, Air India’s data processor, SITA (a Swiss technology known for offering passenger processing and reservation system services) reported the company about the data breach. Read more about the incident by clicking the link.

2. Domino’s Data Breach 

Date: April 2021

Impact: Information about more than 180 million orders of Domino’s India was made available on the dark web.

Incident Overview: This is one of the unusual data breaches in India. Jubilant FoodWorks, the parent company of Domino’s said that the company experienced a security incident. But denied the financial information of its customers being leaked. As per the news, hackers created a web page on the dark web where customers’ information such as name, mobile number, email ID, and GPS data had been leaked. The data including 250 employees’ information was publicly available. Click on the link to know more about the data breach.

3. Upstox Cyber Security Breach 

Date: April 2021

Impact: KYC data of around 25 Lakh customers was exposed

Incident Overview: The Indian online stock trading platform acknowledged that it experienced a cyber breach. And, KYC information of its customers was made public on the dark web. After the security incident, the company wrote warning emails to customers saying about the data breach and that they need to immediately change their password. Later, Upstox apologized to its customers and confirmed that their funds and shares were safe. 

4. Police Exam Applicants’ Data Leak

Date: February 2021

Impact: PII of 500,000 candidates who applied for the Police exam was leaked 

Incident Overview: News reports say about this data breaches in India that the Personal Identifiable Information (PII) of 5 lakh applicants was on sale on a database-sharing forum. The bio-data of the candidates such as name, DOB, mobile number, email ID, FIR records, criminal history, etc. were exposed. 

5. Covid-19 Lab Test Results Gone Public

Date: January 2022

Impact: Data of over 20,000 people were put up for sale on Raid forums

Incident Overview: Hackers took control of the government server and managed to get access to thousands of people’s personal data including names, mobile numbers, addresses, Covid-19 test results, etc. This is one of the biggest data breaches in India as cyber criminals were able to get into a govt server. Plus, cyber security researcher Rajshekhar Rajaharia tweeted about the incident that the PII information was made public through a content delivery network (CDN). 

6. Juspay Data Breach

Date: January 2021

Impact: 35 million customers’ card data was put on the dark web for sale

Incident Overview: The online mobile-based payment platform, Juspay suffered a massive cyber breach. Sources revealed that masked card data and card fingerprints of about 35 million customers were hacked. In fact, hackers get into the server through an unrecycled access key. As per reports, hackers initially demanded $8000 and later settled for $5000 for the Juspay data dump.  

7. Unacadamy Cyber Security Breach

Date: May 2020

Impact: Around 22 million users’ data were leaked on the dark web

Incident Overview: The Bangaluru-based Edu tech start-up company, Unacadamy was one of the worst hit data breaches in India. Its services were put on the dark web for sale by hackers. Data including user names, email addresses, passwords, joining date for the program, last log-in data, etc were leaked. As a matter of fact, the initial report on the case says that 11 million users’ data were compromised and set for a $2000 sale. 

8. JustDial Security Breach

Date: April 2019

Impact: PII of around 100 million users of local businesses was breached

Incident Overview: JustDial is an online local search platform that provides information about nearby businesses. Reports reveal that ​​JustDial was at risk after an Application Programming Interface (API) was left unprotected for over a year. Then, in March 2020, the company’s data was exposed again.

9. SBI Data Breach

Date: January 2019

Impact: Over 9 million cardholders’ data was leaked

Incident Overview: SBI, the leading banking industry, left its server without any password protection. This is considered to be one of the biggest data breaches in India as the financial information of more than 90 lakh cardholders was exposed to hackers. Furthermore, the data included sensitive Personal Identifiable Information (PII) information such as SSN, card details, CVV, and other financial data. 

Final Insight

From the above data breaches in India, it’s clear that an industry of any business size could fall victim to cyber-attack. Moreover, the serious concern is that in every case sensitive data of people were at stake. Though, the government of India is taking steps to stop data breaches by bringing a new Data Protection Bill. But, it’s also the responsibility of company stakeholders to opt for Managed Cyber Security Services and secure their IT infrastructure before it’s too late.