
Top 10 Data Breaches in India: Exposing the Nation’s Struggle With Cybercrime in 2022-2023

In the era of digital advancements, India has experienced a persistent rise in data breaches, coinciding with a significant surge in cyber attacks throughout 2022 and 2023.

These incidents shed light on the alarming frequency of cyber threats plaguing India, highlighting the need for greater vigilance.

This article takes an in-depth look at the top 10 data breaches in India. By exploring this comprehensive list, we delve into the implications, underlying causes, and resulting repercussions of these data breaches.

Our research further emphasizes the urgency of prioritizing effective measures to safeguard against cyber attacks and ensure robust data security.

Unveiling India’s Cyber Assaults: Analyzing Data Breaches in India between 2022-23

Deputy Director General Dipankar Sengupta at India’s National Informatics Centre discussed the surge in cyber attacks in recent times with The Cyber Express.

“India faces enormous challenges in cybersecurity, with ever-increasing attack surface coupled with the lack of awareness and preparedness. Organizations need to improve their cybersecurity posture, adopt best practices with respect to network security, incident response, and data protection,” Dipankar Sengupta said.

A recent report by Check Point, a leading cybersecurity solutions provider, sheds light on the alarming vulnerability of the nation to cyber attacks, revealing an 18% surge in weekly assaults during the early months of 2023.

Picture this: every organization in India weathered an average of 2,108 relentless cyber attacks per week in the first quarter of the year. This figure towers over the global average of 1,248 weekly attacks by a staggering 7%.

Zooming in on the affected sectors, it becomes apparent that the education and research domain has borne the brunt of the data breaches in India.

A staggering 2,507 attacks besieged each organization in this sector every week, as the transition to remote learning offered cybercriminals ample opportunities to exploit the expanded networks and access points.

Not far behind, the government and military sectors endured 1,725 assaults, closely followed by the beleaguered healthcare industry with 1,684 incidents.

The retail and wholesale sectors witnessed the highest surge year-over-year, with a jaw-dropping 49% increase, averaging 1,079 attacks per week.

During a parliamentary session in February, Rajeev Chandrasekhar, the Minister of State for Electronics and Information Technology, unveiled a staggering figure of 13.91 lakh cyber security incidents that ravaged India in the year 2022.

Shockingly, these statistics only account for incidents reported to and tracked by the Indian Computer Emergency Response Team (CERT-In), leaving room for an even larger cyber battlefield in the country.

Highlighting the remarkable strides India has made in technology adoption, Sandeep Khanna, Director of Information Security and CISO at UIDAI (Unique Identification Authority of India), emphasized the pressing challenges faced in the cybersecurity landscape. He expressed concerns that the prioritization of security and privacy by design has been overshadowed in implementations, leading to vulnerabilities being exploited by threat actors.

“The increasing frequency and scale of data breaches underscore the critical need for robust cybersecurity measures across industries, government agencies, and individuals. Strengthening cybersecurity, fostering collaboration between stakeholders, and promoting cybersecurity awareness and education are essential for building a resilient digital ecosystem in India,” Sandeep Khanna told The Cyber Express.

Top 10 data breaches in India 2022-2023

1.    Cyberattack on AIIMS: A lesson in vulnerability

In December 2022, responding to a query by Communist Party of India (Marxist) MP John Brittas, the Union government disclosed that the All India Institute of Medical Sciences (AIIMS) experienced a cyberattack, resulting in the encryption of approximately 1.3 terabytes of data across five servers.

The Minister of Electronics and Information Technology, Rajeev Chandrasekhar, stated that the incident was categorized as a “cyber security incident” caused by unauthorized access to AIIMS’ network due to improper network segmentation.

The Indian Computer Emergency Response Team (CERT-In) assessed the situation and recommended necessary measures to address the breach.

Meanwhile, in the Lok Sabha, the Minister of State for Health and Family Welfare, Bharati Pravin Pawar, revealed that the hackers did not demand a specific ransom amount but left a message on the server indicating a cyber attack.

The e-Hospital data was successfully restored from an unaffected backup server, and most application functionalities were reinstated after a two-week recovery period.

2.    MoChhatua data breach: Government apps on the line

In May 2023, MoChhatua, a local governance app in India, fell victim to a data breach, as claimed by a hacker on a forum.

The threat actor asserted that the breach exposed sensitive user information such as names, emails, passwords, etc. The app, developed by the regional department of Women and Child Development in Odisha, aimed to digitize and manage the distribution of ration supplies to beneficiaries.

While The Cyber Express team had contacted the Odisha state government for confirmation, no official response was received.

Falcon Feeds, a threat intelligence service, shared an update on Twitter, including a screenshot of the hacker’s post containing the exposed data and a download link for the stolen information.

3.    Zivame data breach: Exposing the intimates

Zivame, a popular online platform for women’s wear in India, experienced a significant data breach, leading to the personal information of thousands of its female customers being offered for sale on the internet.

The breach involved the data of approximately 1.5 million Zivame customers, including their names, email addresses, phone numbers, and physical addresses.

An investigation conducted by India Today’s Open Source Intelligence (OSINT) team revealed that a seller claiming to possess the data was willing to sell it for $500 in cryptocurrencies. To verify the authenticity of the data, the team posed as a potential customer and contacted the seller using a Telegram handle.

The seller provided a sample dataset containing the personal details of over 1,500 users as proof. It was emphasized that the data was not publicly available, and the seller insisted on receiving payment exclusively in cryptocurrency, a common practice in such illicit transactions.

4.    Cyberabad police data leak: Unraveling the massive breach

Earlier this April, the Cyberabad Police served notices to over 11 organizations, including banks, a social media giant, an IT services company, an online insurance platform and more, in relation to a massive data breach that impacted 66.9 crore individuals and organizations throughout India.

In connection with the data theft, the police have apprehended Vinay Bhardwaj, an individual from Faridabad. Bhardwaj stands accused of engaging in activities involving the theft, possession, and sale of personal and confidential data belonging to individuals and organizations.

The stolen data included GST details, customer data from major organizations, and student data from educational technology companies.

The Cyberabad Police conducted an extensive investigation into the unauthorized database access and leakage, aiming to identify security loopholes and prevent future incidents.

The police have summoned representatives from the organizations to provide information about their database maintenance procedures, policies, and access permissions.

5.    Swachhta platform hacked: Unveiling citizens’ secrets

In September 2022, the Swachh City platform, an initiative associated with the Swachh Bharat Mission and the Ministry of Housing and Urban Affairs, was hacked, putting the data of approximately 16 million users at risk.

The hackers, identified as LeakBase, compromised the platform, gaining access to critical information, including email addresses, password hashes, phone numbers, OTP information, login IPs, user tokens, and browser fingerprint data.

LeakBase is known to operate for financial gain and shared the stolen database, which is available for sale on the Dark Web.

The breach poses a significant threat as the compromised data can be exploited for phishing attacks, such as fake breach notice emails and social engineering to obtain more sensitive information.

Additionally, the stolen information could enable ransomware attacks, data exfiltration, and the sale of leads on cybercrime forums.

6.    RentoMojo cyber attack: Rental industry and escalating threats

In April 2023, Rentomojo, a popular online rental platform in India, experienced a data breach that exposed the personal information of its customers.

The breach on April 20, 2023, allowed unauthorized access to Rentomojo’s database, putting users’ data at risk.

While Rentomojo assured customers that no financial information was compromised, concerns were raised when Reddit users reported receiving emails from a hacking group claiming to have access to financial data and personally identifiable information (PII).

This data breach in India has significant consequences, as the exposure of personal information leaves users vulnerable to identity theft and financial fraud.

Rentomojo took immediate action, including notifying authorities, seeking assistance from cybersecurity and legal experts, and enhancing their security systems.

CEO and co-founder Geetansh Bamania explained that the hackers exploited cloud misconfiguration to gain access to PII, emphasizing the importance of robust cloud security practices.

7.    Sun Pharma cyber attack: Infiltrating the pillars of healthcare

Sun Pharmaceutical Industries, a leading Indian drugmaker, experienced a significant security breach impacting its business operations.

Sun Pharma disclosed the incident to the stock exchanges but did not disclose the name of the responsible group or the extent of the impact.

This incident marked the third high-profile cyber attack on a major Indian drugmaker in recent years, following similar breaches at Dr. Reddy’s Laboratories, Lupin, and the All India Institute of Medical Sciences.

While specific details regarding the attack’s origin and compromised data have not been shared, Sun Pharma confirmed that certain file systems were breached, and company and personal data was stolen.

The company took proactive measures to isolate its network and initiate the recovery process, but the incident’s full impact, potential adverse consequences, and associated expenses are yet to be determined.

8.    BharatPay hacked: Breaching financial trust

In August 2022, BharatPay, a digital financial services provider in India, experienced a significant data breach resulting in the exposure of personal data and transaction details of approximately 37,000 users.

The compromised information includes user names, hashed passwords, mobile phone numbers, UPI IDs, and official email IDs of employees from Indian insurance and banking firms.

The breach was discovered on August 13 by XVigil, the threat intelligence arm of CloudSEK.

It was found that BharatPay’s backend database, containing customers’ personal information, bank balances, and transaction data spanning from February 2018 to August 2022, had been leaked on a cybercrime forum.

BharatPay operates across 11 states in India, serving customers and merchants through a network of over 50,000 retail outlets.

The significance of the data breach lies in the exposure of sensitive data such as user PII, financial information, and transaction records.

The leaked database also contained API keys of online bill payment facilitators and information related to SMS vendors.

The leaked information includes callback response logs containing sensitive details like phone numbers, transaction IDs, and bank balance amounts, which are crucial for financial transactions between entities.

9. RailYatri data breach: Millions of User Records Compromised

The cybersecurity of Indian Railways came into the spotlight once again after a recent breach at RailYatri, the e-booking services website.

More than 30 million user records associated with the train ticketing platform were discovered being sold on the dark web.

The breach, which occurred in December 2022, was revealed when a threat actor leaked a database on BreachForums, claiming it to be from RailYatri.

The leaked information included 31 million user records and 37,000 invoices. RailYatri had previously experienced a similar breach in 2020, affecting 700,000 users.

In response to the recent breach, RailYatri acknowledged the incident and assured users that no sensitive customer data had been compromised, although certain registered user information may have been accessed by unauthorized individuals.

RailYatri promptly resolved the breach and reported it to the authorities. The Railway Board urged all IRCTC business partners, including RailYatri, to conduct thorough system inspections.

10. CloudSEK data breach: A grim reminder

In December 2022, CloudSEK Info Security Pvt. Ltd., an Indian cybersecurity company, faced a targeted breach by a threat actor named ‘sedut.’

The attacker aimed to tarnish CloudSEK’s reputation within the cyber threat intelligence community. The threat actor claimed to have accessed sensitive data, including VPN credentials, source codes, and client information, which they advertised on cybercrime forums.

CloudSEK swiftly launched an investigation and determined that the compromised session cookies of a JIRA user led to the breach.

An employee’s infected laptop was responsible for stealing passwords and session cookies. The threat actor managed to infiltrate Confluence servers, the JIRA platform, purchase orders, social media accounts, and certain documents.

However, CloudSEK denied the claim of access to VPN credentials, customer data, and certain credentials.

The breach highlighted compromised VPN IP addresses, the company’s infrastructure, and exposed accounts. CloudSEK also clarified that certain claims made by the threat actor were obtained through internal documentation or Confluence access.

Conclusion: Fighting against data breaches in India

The period of 2022-2023 witnessed several significant data breaches in India, exposing the vulnerabilities of organizations and the potential risks associated with the digital age.

It has become evident that cybercriminals are becoming more sophisticated and relentless in their pursuit of valuable data, targeting a wide range of sectors, including finance, healthcare, and government organizations.

The series of significant data breaches during this period highlight the need for robust cybersecurity measures, increased awareness, and proactive measures to protect sensitive information.

In a brief interaction with The Cyber Express, Joint Director (IT and Cyber Security), Govt of India, Ametabh Bhadwaj highlighted that while India is confronted with distinctive cybersecurity challenges, these challenges also present an opportunity to make significant advancements and establish strong digital defenses.

“While our country faces unique challenges in their cybersecurity landscape, we also have the opportunity to leapfrog and build robust digital defenses by prioritizing education, capacity building, and collaboration between sectors. By investing in cybersecurity, we can protect our critical infrastructure, empower their citizens, and contribute to a safer and more secure Digital Bharat,” Ametabh Bhadwaj told The Cyber Express.

The Cyber Express also reached out to Col (Dr.) Inderjeet Singh, CCO of Vara and Co-Founder of India Blockchain Forum, for his thoughts on these alarming trends.

In the rapidly evolving digital landscape of India, emerging cybersecurity threats present a compelling call to action and demand our unwavering attention. Strengthening our cyber defenses becomes imperative, as we navigate to the ever-changing cyber risks and combat malicious actors. By safeguarding the integrity and resilience of our digital infrastructure, we can embrace the digital future with confidence, ensuring the protection of our nation’s progress and the security of our citizens.

These top 10 data breaches in India serve as a wake-up call for businesses and individuals, emphasizing the importance of implementing stringent security protocols.



This post first appeared on The Cyber Express.
