CSO Online tracks recent major data breaches in India. Credit: AndreyPopov / Getty Images Over 313,000 cybersecurity incidents were reported in 2019 alone, according to the Indian Computer Emergency Response Team (CERT-In), the government agency responsible for tracking and responding to cybersecurity threats.Here, we take a look at some of the biggest recent cybersecurity attacks and data breaches in India.Air India data breach highlights third-party riskDate: May 2021Impact: personal data of 4.5 million passengers worldwide Details: A cyberattack on systems at airline data service provider SITA resulted in the leaking of personal data of of passengers of Air India. The leaked data was collected between August 2011 and February 2021, when SITA informed the airline. Passengers didn’t hear about it until March, and had to wait until May to learn full details of what had happened. The cyber-attack on SITA’s passenger service system also affected Singapore Airlines, Lufthansa, Malaysia Airlines and Cathay Pacific.CAT burglar strikes again: 190,000 applicants’ details leaked to dark webDate: May 2021 Impact: 190,000 CAT applicants’ personal detailsDetails: The personally identifiable information (PII) and test results of 190,000 candidates for the 2020 Common Admission Test, used to select applicants to the Indian Institutes of Management (IIMs), were leaked and put up for sale on a cybercrime forum. Names, dates of birth, email IDs, mobile numbers, address information, candidates’ 10th and 12th grade results, details of their bachelor’s degrees, and their CAT percentile scores were all revealed in the leaked database.The data came from the CAT examination conducted on 29 November 2020 but according to security intelligence firm CloudSEK, the same thread actor also leaked the 2019 CAT examination database.Hacker delivers 180 million Domino’s India pizza orders to dark webDate: April 2021Impact: 1 million credit card records and 180 million pizza preferencesDetails: 180 million Domino’s India pizza orders are up for sale on the dark web, according to Alon Gal, CTO of cyber intelligence firm Hudson Rock. Gal found someone asking for 10 bitcoin (roughly $535,000 or ₹4 crore) for 13TB of data that they said included 1 million credit card records and details of 180 million Dominos India pizza orders, topped with customers’ names, phone numbers, and email addresses. Gal shared a screenshot showing that the hacker also claimed to have details of the Domino’s India’s 250 employees, including their Outlook mail archives dating back to 2015.Jubilant FoodWorks, the parent company of Domino’s India, told IANS that it had experienced an information security incident, but denied that its customers’ financial information was compromised, as it does not store credit card details. The company website shows that it uses a third-party payment gateway, PayTM.Trading platform Upstox resets passwords after breach reportDate: April 2021Impact: All Upstox customers had their passwords reset Details: Indian trading platform Upstox has openly acknowledged a breach of know-your-customer (KYC) data. Gathered by financial services companies to confirm the identity of their customers and prevent fraud or money laundering, KYC data can also be used by hackers to commit identity theft.On April 11, Upstox told customers it would reset their passwords and take other precautions after it received emails warning that contact data and KYC details held in a third-party data warehouse may have been compromised.Upstox apologised to customers for the inconvenience, and sought to reassure them it had reported the incident to the relevant authorities, enhanced security and boosted its bug bounty program to encourage ethical hackers to stress-test its systems.Police exam database with information on 500,000 candidates goes up for saleDate: February 2021Impact: 500,000 Indian police personnelDetails: Personally identifiable information of 500,000 Indian police personnel was put up for sale on a database sharing forum. Threat intelligence firm CloudSEK traced the data back to a police exam conducted on 22 December, 2019.The seller shared a sample of the data dump with the information of 10,000 exam candidates with CloudSEK. The information shared by the company shows that the leaked information contained full names, mobile numbers, email IDs, dates of birth, FIR records and criminal history of the exam candidates.Further analysis revealed that a majority of the leaked data belonged to candidates from Bihar. The threat-intel firm was also able to confirm the authenticity of the breach by matching mobile numbers with candidates’ names.This is the second instance of army or police workforce data being leaked online this year. In February, hackers isolated the information of army personnel in Jammu and Kashmir and posted that database on a public website.COVID-19 test results of Indian patients leaked onlineDate: January 2021Impact: At least 1500 Indian citizens (real-time number estimated to be higher)Details: COVID-19 lab test results of thousands of Indian patients have been leaked online by government websites.What’s particularly worrisome is that the leaked data hasn’t been put up for sale in dark web forums, but is publicly accessible owing to Google indexing COVID-19 lab test reports.First reported by BleepingComputer, the leaked PDF reports that showed up on Google were hosted on government agencies’ websites that typically use *.gov.in and *.nic.in domains. The agencies in question were found to be located in New Delhi.The leaked information included patients’ full names, dates of birth, testing dates and centers in which the tests were held. Furthermore, the URL structures indicated that the reports were hosted on the same CMS system that government entities typically use for posting publicly accessible documents.Niamh Muldoon, senior director of trust and security at OneLogin said: “What we are seeing here is a failure to educate and enable employees to make informed decisions on how to design, build, test and access software and platforms that process and store sensitive information such as patient records.”He added that the government ought to take quick measures to reduce the risk of a similar breach from reoccurring and invest in a comprehensive information security program in partnership with trusted security platform providers.User data from Juspay for sale on dark webDate: January 2021Impact: 35 million user accountsDetails: Details of close to 35 million customer accounts, including masked card data and card fingerprints, were taken from a server using an unrecycled access key, Juspay revealed in early January. The theft took place last August, it said.The user data is up for sale on the dark web for around $5000, according to independent cybersecurity researcher Rajshekhar Rajaharia. BigBasket user data for sale onlineDate: October 2020Impact: 20 million user accountsDetails: User data from online grocery platform BigBasket is for sale in an online cybercrime market, according to Atlanta-based cyber intelligence firm Cyble.Part of a database containing the personal information of close to 20 million users was available with a price tag of 3 million rupees ($40,000), Cyble said on November 7.The data comprised names, email IDs, password hashes, PINs, mobile numbers, addresses, dates of birth, locations, and IP addresses. Cyble said it found the data on October 30, and after comparing it with BigBasket users’ information to validate it, reported the apparent breach to BigBasket on November 1.Unacademy learns lesson about securityDate: May 2020Impact: 22 million user accountsDetails: Edutech startup Unacademy disclosed a data breach that compromised the accounts of 22 million users. Cybersecurity firm Cyble revealed that usernames, emails addresses and passwords were put up for sale on the dark web.Founded in 2015, Unacademy is backed by investors including Facebook, Sequoia India and Blume Ventures.Hackers steal healthcare records of 6.8 million Indian citizensDate: August 2019Impact: 68 lakh patient and doctor recordsDetails: Enterprise security firm FireEye revealed that hackers have stolen information about 68 lakh patients and doctors from a health care website based in India. FireEye said the hack was perpetrated by a Chinese hacker group called Fallensky519.Furthermore, it was revealed that healthcare records were being sold on the dark web – several being available for under USD 2000.Local search provider JustDial exposes data of 10 crore usersDate: April 2019Impact: personal data of 10 crore users releasedDetails: Local search service JustDial faced a data breach on Wednesday, with data of more than 100 million users made publicly available, including their names, email ids, mobile numbers, gender, date of birth and addresses, an independent security researcher said in a Facebook post.SBI data breach leaks account details of millions of customersDate: January 2019Impact: three million text messages sent to customers divulgedDetails: An anonymous security researcher revealed that the country’s largest bank, State Bank of India, left a server unprotected by failing to secure it with a password.The vulnerability was revealed to originate from ‘SBI Quick’ – a free service that provided customers with their account balance and recent transactions over SMS. Close to three million text messages were sent out to customers. Related content feature What should be in a company-wide policy on low-code/no-code development Low-code/no-code development could bridge the gulf of development backlogs that exists between great ideas and great execution of digital innovation. But not without security policies around areas like access control, code quality, and application vi By Ericka Chickowski Dec 06, 2023 15 mins Application Security Application Security Security Practices news analysis Cisco unveils AI-powered assistants to level up security defenses New AI-driven tools aim to simplify and bolster policies, alerts and prevention to reduce complexity when setting security policies and assess traffic without decryption. By Rosalyn Page Dec 05, 2023 5 mins Encryption Cloud Security brandpost Sponsored by Microsoft Security How Microsoft and Amazon are expanding the fight against international tech support fraud By partnering with other companies to share vital information and resources, Microsoft is taking the fight to ever-evolving support fraud in 2024…and beyond. By Microsoft Security Dec 05, 2023 1 min Security news analysis Russia's Fancy Bear launches mass credential collection campaigns The campaigns exploit Outlook and WinRAR flaws to target government, defense, and other entities, and they represent a change of tactic for the APT28 group. By Lucian Constantin Dec 05, 2023 5 mins Advanced Persistent Threats Critical Infrastructure Vulnerabilities Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe