Date: 2023-06-12

Reports on Monday have claimed that the CoWIN database in India was breached, leading to the sharing of personal and sensitive user information on a Telegram channel. The government has denied any evidence of a breach but is investigating the possibility of a hack. According to previous research, India accounted for 20 percent of all exposed records from data breaches in 2022. India has experienced several high-profile data breach incidents in recent years, affecting organizations such as the Aadhaar database, Air India, BigBasket, Dominos, and the State Bank of India.

2022 card data

Dominos India — May 2021

On May 22, 2021, Dominos India, a subsidiary of Jubilant FoodWorks, experienced a cyberattack resulting in the leakage of data from 180 million orders. The breach exposed order details, email addresses, phone numbers, and credit card details. Jubilant FoodWorks confirmed an information security incident but denied any unauthorised access to financial information.

Air India — May 2021

In May 2021, Air India fell victim to a cyberattack that compromised the personal details of approximately 4.5 million customers worldwide. The breach exposed personal data registered between August 26, 2011, and February 3, 2021, including names, dates of birth, contact information, passport information, ticket details, Star Alliance and Air India frequent flyer data, as well as credit card data.

BigBasket — November 2020

In November 2020, online grocer BigBasket suffered a data breach that compromised the personal details of over 20 million users. An unsecured database file containing over 15 GB of user data was hacked into; leaked information included email IDs, password hashes, PINs, phone numbers, addresses, dates of birth, locations, and IP addresses. BigBasket acknowledged the breach and filed a case with the Bengaluru Cyber Crime cell.

Unacademy — May 2020

In May 2020, the online learning platform Unacademy experienced a data breach that compromised the email data of over 11 million users. While no sensitive information such as financial data or passwords was leaked, user data including IDs, passwords, date joined, last login date, email IDs, names, and user credentials were compromised. The breach was discovered when user accounts were found for sale on the dark web.

2019 credit and debit card data breach

In October 2019, a significant data breach involving credit and debit card records occurred in India. Over 1.3 million credit and debit card records from multiple Indian banks were being sold on the dark web. The breach revealed card numbers, expiration dates, CVVs, and fully personally identifiable information, including cardholders' names, emails, phone numbers, and addresses. The data was likely obtained through skimming devices installed on ATMs or Point of Sale systems or through Magecart attacks on e-commerce websites.

Kudankulam Nuclear Power Plant — September 2019

In September 2019, India's largest nuclear power plant, the Kudankulam nuclear power plant, faced a data breach. The breach involved the deployment of malware that targeted the plant's IT network. The malware, known as Dtrack, collected information from the plant's administrative network. While the attackers did not gain access to the critical internal systems, they managed to obtain valuable information such as internet search history, operating system registry data, and active processes on infected computers. The malware was traced back to the North Korea-linked Lazarus Group.

Justdial — April 2019

In April 2019, Mumbai-based local search engine Justdial experienced a data breach that leaked user details. An unprotected API (Application Programming Interface) endpoint on Justdial's old website and app allowed unauthorised access to user information. The breach exposed names, mobile numbers, email addresses, occupations, and addresses of nearly 100 million users. Justdial acknowledged the vulnerability but contested reports by asserting that user and financial information remained protected through an OTP authentication system.

SBI — January 2019

Aadhaar — early 2018

In early 2018, concerns arose regarding the security of India's Aadhaar identification database. The Aadhaar database, managed by the Unique Identification Authority of India (UIDAI), was found to be leaking information on registered Indian citizens. This included names, bank details, and other private information, including biometric data. Anonymous sellers on WhatsApp provided unrestricted access to the Aadhaar database, bringing the issue to light. The Tribune had reported that over 1,00,000 ex-employees of the Ministry of Electronics and Information Technology had continued access to the UIDAI system, raising concerns about unauthorised data access.

Multiple instances of data leaks were discovered, including the exposure of Aadhaar information through state government websites and an unprotected system in a state-owned utility company called Indane. Over 130 million citizens' Aadhaar information was compromised due to these breaches, making it one of the largest data breaches in the world, according to the WEF Global Risk Report.

2016 Debit Card Data Breach