5 data breaches in India you didn't know about

June 22, 2021

Day after day, more and more people learn about new things on the internet. The world is a smaller place now but it isn’t getting any safer. According to reports, cyberattacks in 2021 have increased. Ransomware attacks have increased by 6% while phishing is up by 11%.

Data leaks and Data breaches are, unfortunately, on the rise according to the Verizon Business 2021 Data Breach Investigations Report (2021 DBIR). During the global pandemic, the number of breaches was higher than ever before.

The fear of data breaches plagues every sector, every industry, big or small. Automobile giants Volskwagen and Audi recently disclosed a data breach that compromised the data of over 3.3 million current and potential customers, majority of which reside in Canada and the United States.

Lately, India has been put under the microscope after the massive cyberattack on Air India. The flag carrier airline of India saw personal information of lakhs of passengers getting leaked. It has affected around 45 lakh registered customers who signed up between 26th August 2011 and 2nd February 2021. From names, credit card details to contact information and ticket details, all the customer data was compromised in the process.

This, however, is not the first time that an India-based company has faced a cyber-crisis. Let’s take a look at some of the data breaches the country has faced in its past.

1. Credit & Debit Card Breach (2019)

A staggering 13 lakh credit and debit card records were compromised and sold to a site on the dark web. The site was owned and used by cyber criminals for the sole purpose of buying as well as selling card details.

98% of the compromised cards in the database belonged to Indian banks and each card was being sold for over $100. Unlike the situation Air India faced recently where partial details of the cards were leaked, this credit and debit card data breach of 2019 revealed card numbers, expiration dates and even the CVVs along with full names, contact numbers and even addresses.

Years down the line, an investigation on this issue is still pending.

2. Big Basket Data Breach (2020)

Addresses, email IDs, order details and phone numbers of over 2 crore users were leaked after online grocery platform BigBasket faced a massive cyberattack. The compromised data was being sold on the dark web for almost Rs. 30 lakhs.

The total size of the entire data was close to 15 GB and was stored in a Structured Query Language (SQL) file which was apparently hacked using an SQL Injection. After the data appeared on the dark web, BigBasket confirmed the breach and filed a case at the Bangalore Cyber Crime Cell.

The investigation is still ongoing.

3. Unacademy Data Breach (2020)

Data of around 11 million users was leaked off an online learning platform - Unacademy. The company faced a data breach in May 2020 when email IDs, passwords, names, user credentials and enrollment and login dates were compromised.

The breach was acknowledged soon after the platform’s 20 million user accounts were being sold on the dark web for $2000. Unconfirmed reports suggest that the platform’s entire database was vulnerable to the breach but Unacademy has not confirmed these claims.

No reports of an investigation have been stated.

4. Air India Data Breach (2021)

One of the most recent data breaches that has surfaced is the one at Air India. In May 2021, it was reported that cybercriminals had launched a fierce cyberattack on Air India. Sensitive user data of 4.5 million people was compromised in the process.

A Swiss tech company called SITA is Air India’s data processor. SITA, known for offering passenger processing and reservation system services, reported the staggering data breach around 3 months before it was announced.

In February 2021, SITA also revealed that the cyberattackers had access to the system for 22 days. The servers were secured after that and Air India reassured its customers that there was no conclusive evidence of data being misused and asked users to change their passwords.

5. Dominos India Data Breach (2021)

Right after the Air India Data Breach was reported, Dominos India reported a cyberattack the company witnessed in May 2021. Sensitive user data like credit card details, phone numbers, email IDs and order details were leaked in the process.

The data of 18 crore orders ended up on the dark web and instantly went up for sale under an undisclosed price. Dominos India (subsidiary of Jubilant FoodWorks) specified that they hade xperienced an information security incident and denied any financial information being accessed by the hackers.

Why are data breaches on the rise?

Factors like Data Privacy and Data Security often go unnoticed. Users are not extremely concerned when uploading sensitive data on platforms that could be vulnerable to cyberattacks. Companies often fail to follow directives to secure their servers and these companies are sitting ducks for cybercriminals.

What makes a company or system vulnerable to a data breach?

There are a lot of factors that include misconfiguration, improper or weak encryption, absence of vulnerability and compliance management and ill-informed staff which may make the company, system or software vulnerable to a data breach.

A secure solution to strengthen the shield against cyberattacks?

It is a common misconception that just an anti-virus software will protect everything on a system in a fool-proof manner. A comprehensive endpoint solution will use encryption to prevent data loss and leakage, enforce unified data protection policies across all your servers, networks, and endpoints, thereby reducing the risk of a data breach.

The 2021 Data Breach Investigations Report (2021 DBIR) has discovered and studied more breaches than ever before. This shows how the most common forms of cyberattacks affected the international security landscape during the global pandemic.

It analysed 29,207 quality incidents, of which 5,258 were confirmed breaches from 83 contributors across the globe. It is a third more breaches analysed than last year and that is an alarming statistic.

Replacing traditional file servers with state-of-the-art secured servers like FileAgo is the correct way to proceed for any company that wants to function effectively, securely and smoothly. A properly configured software that is well protected by military grade encryption and a lot many data privacy features for users makes a strong defence against the rising cyberattacks.