Over 313,000 cybersecurity incidents were reported in 2019 alone, according\u00a0to the Indian Computer Emergency Response Team (CERT-In), the government agency responsible for tracking and responding to cybersecurity threats.Here, we take a look at some of the biggest recent cybersecurity attacks and data breaches in India.Air India data breach highlights third-party riskDate:\u00a0May 2021Impact: personal data of 4.5 million passengers worldwideDetails: A cyberattack on systems at airline data service provider SITA resulted in the leaking of personal data of of passengers of Air India. The leaked data was collected between August 2011 and February 2021, when SITA informed the airline. Passengers didn't hear about it until March, and had to wait until May to learn full details of what had happened.\u00a0The cyber-attack on SITA\u2019s passenger service system also affected Singapore Airlines, Lufthansa, Malaysia Airlines and Cathay Pacific.CAT burglar strikes again: 190,000 applicants\u2019 details leaked to dark webDate:\u00a0May 2021Impact:\u00a0190,000 CAT applicants\u2019 personal detailsDetails:\u00a0The personally identifiable information (PII) and test results of 190,000 candidates for the 2020 Common Admission Test, used to select applicants to the Indian Institutes of Management (IIMs), were leaked and put up for sale on a cybercrime forum. Names, dates of birth, email IDs, mobile numbers, address information, candidates\u2019 10th and 12th grade results, details of their bachelor\u2019s degrees, and their CAT percentile scores were all revealed in the leaked database.The data came from the\u00a0CAT examination conducted on 29 November 2020 but according to security intelligence firm CloudSEK, the same thread actor also leaked\u00a0the 2019 CAT examination database.Hacker delivers 180 million Domino\u2019s India pizza orders to dark webDate: April 2021Impact: 1 million credit card records and 180 million pizza preferencesDetails: 180 million Domino\u2019s India pizza orders are up for sale on the dark web, according to Alon Gal, CTO of cyber intelligence firm Hudson Rock.Gal found someone asking for 10 bitcoin (roughly $535,000 or\u00a0\u20b94 crore) for 13TB of data that they said included 1 million credit card records and details of 180 million Dominos India pizza orders, topped with customers\u2019 names, phone numbers, and email addresses.\u00a0Gal shared a screenshot showing that the hacker also claimed to have details of the Domino\u2019s India\u2019s 250 employees, including their Outlook mail archives dating back to 2015.Jubilant\u00a0FoodWorks, the parent company of Domino\u2019s India, told IANS that it had experienced an information security incident, but denied that its customers\u2019 financial information was compromised, as it does not store credit card details.\u00a0The company website shows that it uses a third-party payment gateway, PayTM.Trading platform Upstox resets passwords after breach reportDate: April 2021Impact: All Upstox customers had their passwords resetDetails: Indian trading platform Upstox has openly acknowledged a breach of know-your-customer (KYC) data. Gathered by financial services companies to confirm the identity of their customers and prevent fraud or money laundering, KYC data can also be used by hackers to commit identity theft.On April 11, Upstox told customers it would reset their passwords and take other precautions after it received emails warning that contact data and KYC details held in a third-party data warehouse may have been compromised.Upstox apologised to customers for the inconvenience, and sought to reassure them it had reported the incident to the relevant authorities, enhanced security and boosted its bug bounty program to encourage ethical hackers to stress-test its systems.Police exam database with information on 500,000 candidates goes up for saleDate: February 2021Impact: 500,000 Indian police personnelDetails: Personally identifiable information of 500,000 Indian police personnel was put up for sale on a database sharing forum. Threat intelligence firm CloudSEK traced the data back to a police exam conducted on 22 December, 2019.The seller shared a sample of the data dump with the information of 10,000 exam candidates with CloudSEK. The information shared by the company shows that the leaked information contained full names, mobile numbers, email IDs, dates of birth, FIR records and criminal history of the exam candidates.Further analysis revealed that a majority of the leaked data belonged to candidates from Bihar. The threat-intel firm was also able to confirm the authenticity of the breach by matching mobile numbers with candidates\u2019 names.This is the second instance of army or police workforce data being leaked online this year. In February, hackers isolated the information of army personnel in Jammu and Kashmir and posted that database on a public website.COVID-19 test results of Indian patients leaked onlineDate: January 2021Impact: At least 1500 Indian citizens (real-time number estimated to be higher)Details: COVID-19 lab test results of thousands of Indian patients have been leaked online by government websites.What\u2019s particularly worrisome is that the leaked data hasn\u2019t been put up for sale in dark web forums, but is publicly accessible owing to Google indexing COVID-19 lab test reports.First reported by BleepingComputer, the leaked PDF reports that showed up on Google were hosted on government agencies\u2019 websites that typically use *.gov.in and *.nic.in domains. The agencies in question were found to be located in New Delhi.The leaked information included patients\u2019 full names, dates of birth, testing dates and centers in which the tests were held. Furthermore, the URL structures indicated that the reports were hosted on the same CMS system that government entities typically use for posting publicly accessible documents.Niamh Muldoon, senior director of trust and security at OneLogin said: \u201cWhat we are seeing here is a failure to educate and enable employees to make informed decisions on how to design, build, test and access software and platforms that process and store sensitive information such as patient records.\u201dHe added that the government ought to take quick measures to reduce the risk of a similar breach from reoccurring and invest in a comprehensive information security program in partnership with trusted security platform providers.User data from Juspay for sale on dark webDate: January 2021Impact: 35 million user accountsDetails:\u00a0Details of\u00a0close to 35 million customer accounts, including masked card data and card fingerprints, were taken from a server using an unrecycled access key, Juspay revealed in early January. The theft took place last August, it said.The user data is up for sale on the dark web for around $5000, according to independent cybersecurity researcher\u00a0Rajshekhar Rajaharia.\u00a0BigBasket user data for sale onlineDate: October 2020Impact: 20 million user accountsDetails:\u00a0User data from online grocery platform BigBasket is for sale in an online cybercrime market, according to Atlanta-based cyber intelligence firm Cyble.Part of a database containing the personal information of close to 20 million users was available with a price tag of 3 million rupees ($40,000), Cyble said on November 7.The data comprised names, email IDs, password hashes, PINs, mobile numbers, addresses, dates of birth, locations, and IP addresses. Cyble said it found the data on October 30, and after comparing it with BigBasket users\u2019 information to validate it, reported the apparent breach to BigBasket on November 1.Unacademy learns lesson about securityDate: May 2020Impact: 22 million user accountsDetails:\u00a0Edutech startup Unacademy disclosed a data breach that compromised the accounts of 22 million users. Cybersecurity firm Cyble revealed that usernames, emails addresses and passwords were put up for sale on the dark web.Founded in 2015, Unacademy is backed by investors including Facebook,\u00a0Sequoia India and Blume Ventures.Hackers steal healthcare records of 6.8 million Indian citizensDate: August 2019Impact: 68 lakh patient and doctor recordsDetails: Enterprise security firm FireEye revealed that hackers have stolen information about 68 lakh patients and doctors from a health care website based in India. FireEye said the hack was perpetrated by a Chinese hacker group called Fallensky519.Furthermore, it was revealed that healthcare records were being sold on the dark web \u2013 several being available for under USD 2000.Local search provider JustDial exposes data of 10 crore usersDate: April 2019Impact: personal data of 10 crore users releasedDetails:\u00a0Local search service JustDial faced a data breach on Wednesday, with data of more than 100 million users made publicly available, including their names, email ids, mobile numbers, gender, date of birth and addresses, an independent security researcher said in a Facebook post.SBI data breach leaks account details of millions of customersDate: January 2019Impact: three million text messages sent to customers divulgedDetails:\u00a0An anonymous security researcher revealed that the country\u2019s largest bank, State Bank of India, left a server unprotected by failing to secure it with a password.The vulnerability was revealed to originate from \u2018SBI Quick\u2019 \u2013 a free service that provided customers with their account balance and recent transactions over SMS. Close to three million text messages were sent out to customers.