India Struggles To Safeguard Data: Recurring Cases Of Data Breach

Data, the valuable asset of information age, is tricky to hold and even more strenuous to guard. With the data breaches in 2020 in India having increased by 37% compared to the first quarter of 2019, the techworld gapes with a staunch dilemma when the fraudsters feed on their databases slowly. The minimum total cost of the leaks in India reached up to Rs 14 crore in 2020 as reported by IBM study. This statistic puts India as the one of the top countries in cybercrime. The Work from Home (WFH) scenario has led to a massive digital shift. According to a digital monitoring firm, 15 billion credentials are up for sale with the close of the pandemic spawned lockdown.

The e-grocery BigBasket data leak is believed to be the biggest loot in the Indian cyberspace. A global security firm reported that the information of 20 million user accounts in the cybercrime market. The breach manifested on October 30th, 2020 and was soon put on sale for 3 million rupees. The news was confirmed only by November 7th when the company agreed to the leak. A month preceding this, six major breaches that shook users into senses were reported. These include cases such as sweet seller Haldiram Snacks Pvt Ltd, PM Modi’s personal website narendramodi.in, online matrimonial service Bharat Matrimony and Indian Railways’ online ticketing portal IRCTC. Dr Reddy’s Laboratories and e-commerce company Paytm Mall also witnessed cyber-attacks later in the year.

The situation in India, with relevant requirements of online data but without adequate rules and regulations to check, is cumbersome for the country as a whole. Indian Cyber law only a single act in store, the Information Technology act of 2000, that defines cybersecurity only as a lip service to the cyber security legal framework. By studying the plenty of cases reported in the last two years, the pattern shows the focus of attacks at the government agencies and registers, putting out the fact that our national databases are unsuccessful in protecting their sensitive data.

Data breaches from government websites is a matter of great concern for our nation. The official data including the voter's ID number, Aadhar card details such as fingerprints and retina scan, and health reports are all zooming around in parts of the dark web with a tag 'for sale'. The database leak of the Police department's examination of 5 lakh candidates was kept on sale in the database sharing forum of the dark web in the end of 2019. The leak was traced on 22 December 2019. The information is found to be of the candidates from Bihar who attempted the examination.

The National Health systems that compile the medical history, blood group and blood test charts source the base of our economy. The healthcare records of 68 lakh patients and doctors leaked in August 2019 as reported by Chinese hacker group Fallensky519. A similar situation surfaced when

the COVID -19 test results of Indian patients were accessible in Google index this year. The information was not even commercialized but kept open for 'access'. The incident unfolded in January 2021 where the lack of security of government websites again led to the wrecked data.

The amount of data leak has not plummeted still in India. The Payment app MobiKwik on 29th March 2021 came under limelight for an alleged data leak that is said to have exposed close to 8.2 terabytes of data, including know-your-customer (KYC) details, addresses, phone numbers, Aadhaar card data of its users on the dark web. However, the company has denied the breach. Even if the information was out in February, due to the company's ignorance to accept, now a link is circulating in the dark web disclosing the personal details.

The situation in Indian cyberspace is worsening as we ponder on the topic of the data breach matters in India. Yet, stringent laws, cybersecurity awareness and acknowledgement of victimization by various malicious activities can curb the condition. It is high time we act for our own safety and privacy because, honestly as spoken by researchers, there is nothing the user can do once the data is out.