India's Largest Cyber Breaches -

Post Views: 190

India’s Largest Cyber Breaches

The ever-changing era is calling for latest cyber security solutions for saving our online resources from online threats that can be dangerous for the protection of our confidential data. Even handling and managing the online businesses are has become easier with the available resources.

Online platforms have helped businesses a lot with online consumers, listing, carting, shopping and billing. Due to that, adversaries (Online Hackers) got the chance to intrude into our systems and steal confidential data.

According to a research, India ranked third internationally in 2021 for the number of cyberattacks. The greatest cyberattacks that occurred in India between 2019 and 2021 are listed here.

SBI Data Breach (January 2019)

The largest bank in the nation, State Bank of India, did not have a password-protected server, according to information provided anonymously by a security researcher.

Customers can receive information about their most recent transactions and account balance via text texts thanks to SBI Quick, a free service. The customers received over 3 million SMS messages.

JustDial Data Breach (April 2019)

JustDial is a platform for local search services that gives you information about everything. In April 2019, JustDial will have to deal with a data breach. More than 100 million users’ data were compromised in this data breach, and it was made publicly available.

The data includes

a) Names,

b) Mobile Numbers,

c) Email IDs,

d) Date of Birth,

e) Gender, and

f) Addresses.

It was revealed by an independent security researcher in a Facebook post.

Healthcare Records Breach (August 2019)

Enterprise security company FireEye. The business disclosed that hackers broke into and stole data from an Indian healthcare website regarding 68 lakh patients and providers.

The hack was carried out in China, and Fallensky519 is the name of the hacking gang, according to FireEye. Moreover, the cyber group offered some patient and doctor information for USD 2000 while selling healthcare records on the dark web.

Unacademy Data Breach (May 2020)

An online learning environment is called Unacademy. When it was established in 2015, investors like

a) Facebook,

b) Blume Ventures, and

c) Sequoia India.

The business acknowledged that a cyberattack had compromised the accounts of 22 million individuals who had registered on its website.

Data such as usernames, email addresses, and passwords were listed for sale on the dark web, according to Cyble, a cyber security company.

Bigbasket For Sale on Dark Web (October 2020)

An online grocery store is called Big Basket. BigBasket has reportedly been placed up for sale in an online market for cybercrime, according to the cyber intelligence firm Cyble.

Additionally, a portion of a database containing the private information of almost 20 million customers was offered for USD 40,000.

On November 1, Cyble notified BigBasket of the security issue and verified the data that was being offered for sale by BigBasket.

The data included

a) Names,

b) PINs,

c) Mobile Numbers,

d) Email IDs,

e) Date of Birth,

f) IP Addresses, and

g) Locations.

Juspay for Sale on Dark Web (January 2021)

Online payment system Juspay was created specifically for use with mobile devices. Juspay disclosed in January 2021 that data, including card fingerprints and disguised card data, belonging to 35 million consumers had been stolen from a server.

An unrecycled access key was used to breach the data. According to cyber security researcher Rajshekhar Rajaharia, the data was planned for sale on the dark web for USD 5000.

Covid-19 Test Results of Indians (January 2021)

Results of about 1500 Indian patients’ COVID-19 lab tests were released by the Indian government. Worryingly, Google indexing has made the data publicly accessible even though it wasn’t offered for sale on the dark web.

The hacked PDF reports appeared on Google, as was initially reported by BleepingComputer. Government websites using the “gov.in” and “nic.in” domains hosted these PDF files. These agencies were later discovered to be in New Delhi.

Names, DOBs, test dates, and the testing facility were among the information that was exposed. Additionally, the URL structures revealed that the CMS system, on which the reports were placed, was the same one that the government uses to post publicly accessible papers.

Niamh Muldoon, senior director of OneLogin, stated that what is happening in this situation is the failure to train people on how to develop software, test it, and then use it as platforms to run and store information, such as patient data.

He continued by saying that the government needed to engage in security programs with reputable security platform suppliers and quickly implement safety measures to reduce the likelihood of future data breaches.

Police Exam Applicants Data (February 2021)

On the database sharing platform, identifying information about more than 5,000 000 candidates’ personalities was made available for purchase.

It was tranced by the threat intelligence company CloudSEK. The information was linked to a police exam that was given in India on December 22, 2019.

More than 10,000 candidates’ data were provided to CouldSEK by the seller.

The data shared included

a) Names,

b) DOB,

c) Email IDs,

d) Mobile Numbers,

e) FIR records along with the criminal history of the candidates.

The majority of the candidates were from Bihar, as was later discovered after the study of the stolen data. The leaked data was confirmed to be accurate when the threat-intel firm linked the mobile number with the candidate names.

Upstox Reset Passwords (April 2021)

An Indian trading platform is called Upstox. The business confirmed a cyberattack that compromised KYC data in April 2021.

Financial service providers acquired the data to check customers’ identities and stop money laundering and fraud because hackers could exploit it to steal their identities.

On April 11, the business notified the client that they will change their passwords and take other safety precautions as soon as they received notice in an email that contact and KYC data housed in a third-party warehouse may have been compromised.

Later, Upstox issued an apology to its clients and informed them that they had informed the improved securities of the occurrence. Upstox also announced an expansion of their bug bounty program in order to find ethical hackers who would test the system.

Domino’s India (April 2021)

On the dark web, information about customers who placed more than 180 million Domino’s India orders was for sale.

Alon Gal, the CTO of the cyberintelligence company Hudson Rock, disclosed it. He added that someone had requested 10 bitcoin, which cost Rs 4 crore and contained 13 gigabytes of information, including the credit card information for 1 million people and information on 180 million pizza orders.

Names, email addresses, and contact information were all included in the data. Alon Gal shared the screenshot of the hackers claiming to have information on over 250 Domino’s India employees as well as access to their Outlook mail going back to 2015.

Domino’s India’s parent company, Jubilant Foodworks, informed IANS of the information security incident, but disputed that their customers’ financial information was also compromised because they don’t keep credit card information on file.

Air India Cyber Breach (May 2021)

Data from the Air India airline was compromised in May 2021, exposing the personal information of more than 4.5 million customers.

The stolen information was gathered between August 2011 and February 2021. Moreover, the airline data servicer supplier SITA disclosed the incident. It wasn’t until March that passengers learned about the tragedy.

Air India was not the only airline impacted by the attack on SITA’s passenger service system; other airlines included

a) Lufthansa,

b) Cathay Pacific, and

c) Malaysia Airlines.

Importance of Cyber Insurance

You may appreciate the significance of a cyber insurance policy when the information of such large corporations is not secure.

While it cannot recover the compromised data, it can offer cash support and support if you face any legal repercussions.

Conclusion

The most significant cyberattacks against India between 2019 and 2021 included some of these. Cyber insurance is essential since online data security breaches are unavoidable. Make sure your data is insured so you are not responsible for the entire burden.

About The Author

Suraj Koli is a content specialist with expertise in Cybersecurity and B2B Domains. He has provided his skills for News4Hackers Blog and Craw Security. Moreover, he has written content for various sectors Business, Law, Food & Beverage, Entertainment, and many others. Koli established his center of the field in a very amazing scenario. Simply said, he started his career selling products, where he enhanced his skills in understanding the product and the point of view of clients from the customer’s perspective, which simplified his journey in the long run. It makes him an interesting personality among other writers. Currently, he is a regular writer at Craw Security.

Read More Article Here