Major Data Breaches in India
It was 2019 when customer data of India’s largest bank SBI (State Bank of India) was exposed to a major data breach. Customer information including partial account numbers, mobile numbers, transaction details, and account balances was compromised from an unsecured server. The nation shattering incident happened from the Mumbai data centre of SBI, where the server hosted SBI quick service. The server stored two months of customer data from SBI quick.
Something went wrong with the Fortune 500, top-ranked State Bank of India, which disastrously exposed its vulnerability to the fraudsters and ramshackle its name openly.
An error of judgment or mole in technology?
Well, SBI simply forgot to protect its server with a password, baring its massive data to be exploited and misused by scammers.
What remained unknown was for how long the server remained open and unprotected. This open access exposed in public, the outgoing messages of the customers in real-time alongside the daily archives of over two months, hence putting the financial details of millions of customers at risk. Worse still, the database included customers’ partial account numbers. The incident is now known as one of the worst cases of negligence and a basic security blanket could have been potentially used to profile the high net worth customers as targets for future frauds.
While the issue was resolved right after it went through its initial investigation, SBI nullified any claims of data risk and issued that the customer's financial details are completely secure with them.
What commenced as an act of clearly avoidable negligence from SBI by adopting the Password protected mandate on its server, was dismissed by the bank. The severity of a situation is alarming and it dismays the very step towards building a robust and cutting-edge safety net to protect customer data. The complications of a breach of this magnitude that victimize millions of its users are massive, and it causes users to lose trust in the foundations of the financial systems in the country.
Reiterating the breach in security, it wouldn’t come as a shock to you on knowing that according to a report by Surfshark, India ranks third in the global data breaches, with over 86 million people affected by the year 2021.
Data breaches are at an all-time high in India. On average Indians lost over ₹16.5 crores to the malware itself in 2021, according to a report by IBM Security and Ponemon Institute. While there are many factors to blame for the increasing vulnerability faced by Indians, the major one observed recently was the global pandemic that swept away security practices and victimized people. The pandemic witnessed data security taking a backseat when the health sector needed a boost. However, the irony is medical record data breach in India was at a record high during the pandemic, surfacing the lack of a security blanket and the need for a robust strategy that overcomes these loopholes.
Based on public information, Indians became the victims of more than just the infamous SBI data breach, some of which need mention:
1. Air India
It was March 2021, when Air India announced that it suffered a data breach of around 45 lakh users. The massive breach caused the information of its users leaked, including their name, mobile number, date of birth, email address, credit card information, ticket information, passport information, and frequent flyer data. It is unquestionably considered one of the most serious data leaks of all time, with the most vital documents at the mercy of scammers.
2. Domino’s India
On 22nd May 2021, an internet security researcher Rajshekhar Rajaharia unearthed the 18 crore Dominos’ India online leak. The breach exposed the names of customers, their email addresses, mobile number and GPS location. It was further highlighted that the credit card details of at least 10 lakh people in India were compromised in the leak.
The famously infamous Facebook India data breaches are known to all. The social media giant is notorious for its massive data leaks, and in the April of 2021, Facebook had an incident when the information of its 60 lakhs Indian users was compromised. The leaked data included Facebook ID, personal email ID, phone number, relationship status, date of birth and past locations of the users. Facebook commented on the data breach and mentioned that the scammers misused the company’s import tool, used to find friends. While Facebook claims that they have resolved the issues, going by its reputation on user data safety, the statement hardly holds value, especially when the leaked data set is reportedly posted on an online forum easily accessible to anyone.
Mobikwik, one of the most popular Indian digital wallet services, was the victim of a data breach that led to the data leak of 110 million Mobikwik users. The stolen information included users’ KYC documents, credit card details, Aadhaar card information, and mobile numbers.
India’s second-largest brokerage firm, Upstox became the victim of a data breach in April 2021. The leak exposed the KYC and contact details of 25 lakh Upstox users. According to Upstock, the data breach occurred from a third-party data warehouse. One can only imagine the seriousness of losing information on one’s stock information, and while Upstocx claims to have resolved the issue, the expanse of this leak still lingers.
The rapid shift from office to remote work in India was also a tremendous disruption of data security programs. The shift made it evident that as modernization and technology disruption enters the business and personal world, with tools as sophisticated as AI, machine learning, security analysis, data breaches will significantly become more cutting-edge. This draws the need for better security structures and leading-edge security programs at both public and private levels. People also need to be extra careful when they get to know about their stolen data. They should immediately change the credentials of the accounts that are compromised.
These major companies spend millions on data security but individuals can secure their devices at a very low cost by using cyber security apps like Fraud detection apps or phishing detection apps.