The biggest data breaches in India

CSO Online tracks recent major data breaches in India.

Networking cables viewed through a magnifying lens reveal a data breach.
AndreyPopov / Getty Images

Over 313,000 cybersecurity incidents were reported in 2019 alone, according to the Indian Computer Emergency Response Team (CERT-In), the government agency responsible for tracking and responding to cybersecurity threats.

Here, we take a look at some of the biggest recent cybersecurity attacks and data breaches in India.

User data from Juspay for sale on dark web

Date: January 2020

Impact: 35 million user accounts

Details: Details of close to 35 million customer accounts, including masked card data and card fingerprints, were taken from a server using an unrecycled access key, Juspay revealed in early January. The theft took place last August, it said.

The user data is up for sale on the dark web for around $5000, according to independent cybersecurity researcher Rajshekhar Rajaharia. 

BigBasket user data for sale online

Date: October 2020

Impact: 20 million user accounts

Details: User data from online grocery platform BigBasket is for sale in an online cybercrime market, according to Atlanta-based cyber intelligence firm Cyble.

Part of a database containing the personal information of close to 20 million users was available with a price tag of 3 million rupees ($40,000), Cyble said on November 7.

The data comprised names, email IDs, password hashes, PINs, mobile numbers, addresses, dates of birth, locations, and IP addresses. Cyble said it found the data on October 30, and after comparing it with BigBasket users’ information to validate it, reported the apparent breach to BigBasket on November 1.

Unacademy learns lesson about security

Date: May 2020

Impact: 22 million user accounts

Details: Edutech startup Unacademy disclosed a data breach that compromised the accounts of 22 million users. Cybersecurity firm Cyble revealed that usernames, emails addresses and passwords were put up for sale on the dark web.

Founded in 2015, Unacademy is backed by investors including Facebook, Sequoia India and Blume Ventures.

Hackers steal healthcare records of 6.8 million Indian citizens

Date: August 2019

Impact: 68 lakh patient and doctor records

Details: Enterprise security firm FireEye revealed that hackers have stolen information about 68 lakh patients and doctors from a health care website based in India. FireEye said the hack was perpetrated by a Chinese hacker group called Fallensky519.

Furthermore, it was revealed that healthcare records were being sold on the dark web – several being available for under USD 2000.

Local search provider JustDial exposes data of 10 crore users

Date: April 2019

Impact: personal data of 10 crore users released

Details: Local search service JustDial faced a data breach on Wednesday, with data of more than 100 million users made publicly available, including their names, email ids, mobile numbers, gender, date of birth and addresses, an independent security researcher said in a Facebook post.

SBI data breach leaks account details of millions of customers

Date: January 2019

Impact: three million text messages sent to customers divulged

Details: An anonymous security researcher revealed that the country’s largest bank, State Bank of India, left a server unprotected by failing to secure it with a password.

The vulnerability was revealed to originate from ‘SBI Quick’ – a free service that provided customers with their account balance and recent transactions over SMS. Close to three million text messages were sent out to customers.

Copyright © 2021 IDG Communications, Inc.

Subscribe today! Get the best in cybersecurity, delivered to your inbox.