Dealing with the unprecedented rise of data breaches in India

According to a recent study by Netherlands-based Virtual Private Network (VPN) provider Surfshark, data breaches fell globally by 58% in the first quarter of 2022. Although the USA, Poland, and Russia are the most breached countries, India remains among the top 5 target nations for hackers. Despite the global drop in data breaches, Russia's breaches peaked in March 2022, with over 3.5 million of its users targeted, likely as a consequence of the hacker group Anonymous targeting the country over its invasion of Ukraine. Data breaches of Indian users have fallen by 62%, from 17.7 lakh users breached to 6.75 lakh users breached in Q1 2022, but the threat remains imminent. Every day, malicious players use the dark web to sell mass amounts of leaked passwords, emails, and other sensitive data that can potentially be used for future ransomware, identity theft, and phishing attacks, making this one of the major global vulnerabilities in the cybersecurity space.

India’s struggle with data breaches

Since 2004, 18 out of every 100 Indians have had their personal data breached. The study also revealed that of the 14.9 billion accounts leaked globally over the past 18 years, 254.9 million (1.7%) belong to Indian users. India has seen its fair share of data breaches, with a total of 86.6 million user accounts stolen over 9 sizeable data breaches in 2021 alone, a whopping 352% increase from 2020.

Some of the most damaging data breaches to India in 2021 include:

  • May 2021 – CAT burglar leaks sensitive information of over 1.9 lakh CAT applicants.
  • April 2021 – A hacker stole and put up 10 lakh credit card records and 180 million Domino's India pizza orders, along with other sensitive customer information, for sale on the dark web.
  • February 2021 – Information of over 5 lakh candidates appearing for the Indian police exam was stolen from the police exam database and put up for sale.

Other notable data breaches in the recent past include the Juspay user data breach, the BigBasket user data breach, the Air India passenger data breach, and a healthcare records breach.

Application Vulnerability – the primary reason for data breaches

According to a report by cybersecurity firm Barracuda on the state of application security in 2021, application vulnerability is the primary reason Indian organisations have been susceptible to data breaches. After surveying 750 AppSec decision-makers responsible for organisational AppSec and development, the report found that over 52% of respondents named web application vulnerabilities as the most likely contributor to successful security breaches resulting from application vulnerabilities in the past year.

As per the report, Indian companies identified the top application security challenges as:

  • Software supply chain attacks (59%)
  • Security slowing application development time (48%)
  • Bad bots (45%)
  • Security APIs (44%)
  • Vulnerability detection (38%)

The imposed shift to remote work as a result of the COVID-19 pandemic in 2020 made it even harder for Indian companies to deal with an exponentially escalating number of new threats like API attacks, bot attacks, and supply chain attacks.

New cybersecurity directives

In light of these attacks, the Indian Computer Emergency Response Team (CERT-In) has rolled out a new set of cybersecurity directives that the entire industry is expected to comply with by September 25, 2022. These directives cover various aspects of cybersecurity, prompter breach reporting, and new record maintenance requirements.

CERT-In has not only considerably expanded the list of mandatorily reportable cybersecurity incidents but has also reduced the timeframe within which a cybersecurity incident must be reported to 6 hours. The new set of directives also requires data centers, VPN providers, and VPS (virtual private server) providers to record and maintain details of their subscribers for at least 5 years after the cancellation of user registration, or for an even longer period as dictated by the law.

The cybersecurity industry is painfully aware of its current shortcomings, but there is also unanimous agreement on the many loopholes that the practical application of these directives will create.

User privacy concerns, limited server ability, staff capacity constraints, and an increased financial burden are just some of the reasons there are challenges with implementing these directives within the given timeframe. Robust protection mechanisms need to be implemented before enforcing these new directives if we are to truly improve cybersecurity and reduce data breaches.