Data Breaches in india

Mobikwik data breach

Date:April 2021

Impact:3.5 million Mobikwik users

Details:According to a security researcher, the data of 3.5 million Mobiwik users was sold on the dark web.
According to the researcher, the personal information of 3.5 million users was put up for sale on the dark web and included KYC data, emails, phone numbers, and other information.

Upstox suffers data breach

Date:April 2021

Impact:This breach has exposed user data like Aadhaar, PAN, bank account numbers and more.

Details:Upstox, a popular discount broker, suffered a massive data breach that exposed sensitive information such as Aadhaar, PAN, and bank account numbers, as well as other personally identifiable information such as mobile numbers and email addresses.

Although Upstox has not commented on the data breach, it has stated that it has updated its security systems ‘manifold’ in response to the advice of a global cyber-security company.

Police examination database of 500,000 applicant records goes on sale

Date:February 2021

Impact:500,000 Indian police personnel

Details:On a database sharing website, the personally identifying details of 500,000 Indian police officers was for sale.CloudSEK, a threat analysis company, tracked the data back to a police exam on December22, 2019.

The bulk of the leaked data belonged to Bihar candidates.
By comparing telephone numbers with candidates’ identities, the threat-intelligence company was also able to ascertain the legitimacy of the leak.

The COVID-19 test results of Indian patients have been leaked online

Date:January 2021
Impact:There are at least 1500 Indian people (real-time number estimated to be higher)
Details:Thousands of Indian patients’ COVID-19 lab test findings have been leaked publicly via government websites.

What’s particularly concerning is that the stolen data hasn’t been put up for sale in dark web markets, but is now freely available thanks to Google indexing COVID-19 lab research results.

The leaked PDF files that appeared on Google were hosted on government agencies’ websites, which normally use the *.gov.in and *.nic.in domains, as first stated by BleepingComputer. The agencies in question were discovered to be in New Delhi.

The leaked information included patients’ full names, dates of birth, testing dates and centers in which the tests were held. Furthermore, the URL structures indicated that the reports were hosted on the same CMS system that government entities typically use for posting publicly accessible documents.

BigBasket user data for sale online

Date: October 2020

Impact: 20 million user accounts

Details:According to Atlanta-based cyber security company Cyble, user data from online grocery marketplace BigBasket is for sale in an online cybercrime market.

Cyble announced on November 7 that a portion of a database containing the personal details of nearly 20 million people was available for 3 million rupees ($40,000).

Names, email IDs, login hashes, PINs, telephone numbers, emails, dates of birth, locations, and IP addresses were among the information included in the database. Cyble said that it discovered the data on October 30 and, after validating it by comparing it to BigBasket users’ records, disclosed the apparent violation to BigBasket on November 1.

Unacademy learns lesson about security

Date: May 2020

Impact: 22 million user accounts

Details:Unacademy, an edutech startup, announced a data leak that compromised the identities of 22 million people. Cyble, a cybersecurity company, announced that usernames, email addresses, and passwords were being sold on the dark web.

Unacademy was founded in 2015 and is backed by investors such as Facebook, Sequoia India, and Blume Ventures.

Hackers steal 6.8 million Indian citizens’ medical records.

Date: August 2019

Impact: 68 lakh patient and doctor records

Details:Hackers stole information about 68 lakh patients and physicians from an Indian health care website, according to enterprise protection company FireEye. According to FireEye, the hack was carried out by a Chinese hacker group named Fallensky519.

Furthermore, it was discovered that healthcare documents were being traded on the dark web, with some of them selling for less than USD 2000.

JustDial exposes data of 10 crore users

Date: April 2019

Impact:Personal data of 10 crore users released

Details:JustDial, a local search provider, has exposed data from tens of millions of people.
An independent security researcher said in a Facebook post that data from more than 100 million people, including their names, email addresses, cell phone numbers, gender, date of birth, and addresses, had been made public.

A data theft at SBI exposes the account information of millions of consumers

Date: January 2019

Impact: Three million text messages sent to customers divulged

Details:An unnamed security researcher discovered that State Bank of India, the country’s largest bank, left a server vulnerable by failing to secure it with a password.

The weakness was traced back to ‘SBI Fast,’ a free service that sent customers their account balance and recent transactions via SMS. Customers sent almost three million text messages.