In November 2020, cybersecurity service provider Kaspersky had forecast an increase in the number of cybercriminal activities in India during 2021. With the wider adoption and acceptance of digitization in the year gone by, a large number of end-users was expected to join the digital bandwagon. It was only a matter of time for Kaspersky’s prediction to come true. However, what no one probably anticipated was that big names like Air India and Domino’s would fall prey to these nefarious cybercriminal activities.
Here’s a look at the five biggest data breaches in India that took place in the year 2021, so far.
1. Domino’s India Data Breach
When: April 2021
Records Impacted: 180 million order details
Data Breached: Name, e-mail, mobile number, order numbers, delivery address, GPS location
Domino’s Pizza is one of the most popular pizza chains in India. However, a preliminary report from UpGuard had awarded Domino’s Pizza’s security posture a “B-grade” rating. It scored 713 out of 950 points, which were awarded based on UpGuard’s internal parameters and standards. This came back to haunt Domino’s India in April 2021, when a data breach was brought to light by Alon Gal, a renowned cybersecurity researcher and chief technical officer at an Israeli cybersecurity firm, Hudson Rock.
According to Gal’s findings, apart from the order (180 million) and credit card (1 million) details, threat actors claimed to have critical insider data of 250 Domino’s India employees across various departments such as IT, legal, finance, marketing, operations, etc. The threat actors behind the leak published a sale post on an underground forum demanding 50 Bitcoins from the pizza giant if it did not want the data to “go public.”
2. MobiKwik Data Leak
When: February 2021
Records Impacted: 110 million
Data Breached: KYC, passport, e-mail, phone number, PAN and Aadhaar details
The MobiKwik data breach was first reported by an independent security researcher, Rajshekhar Rajaharia, in February 2021. As per Rajaharia’s series of tweets, data of 11 crore (110 million) Indian cardholders was leaked from a company server in India, and the initial leak contained 6 TB of KYC data and 350 GB of compressed MySQL dump. However, MobiKwik rejected his claims, stating, “We thoroughly investigated his allegations and did not find any security lapses.”
However, on March 29, 2021, another researcher going by the name “Elliot Anderson” tweeted that MobiKwik’s data was indeed breached and that the threat actor had subsequently created a forum on the dark web for its sale. Given the growing number of voices against it, MobiKwik eventually stated that “it will get a third party to conduct a forensic data security audit,” yet reiterated that all its customer data was safe and that no MobiKwik user accounts and/or wallets were affected by the alleged incident.
3. Upstox Data Breach
When: April 2021
Records Impacted: 2.5 million
Data Breached: Name, e-mail, mobile number, Aadhaar and bank account details
Just when the dust of the MobiKwik data breach was beginning to settle, another big-banner data breach took center stage. This time it was India’s second-largest stockbroker, Upstox. Out of a total user base of nearly three million users, two and a half million were reportedly affected in the alleged data breach, which was perpetrated by the notorious threat group “ShinyHunters.”
According to Rajaharia, who incidentally also found this data breach through a darknet forum, the cause of the Upstox breach was similar to that of the MobiKwik incident. In both cases, the company’s Amazon Web Services (AWS) key was compromised, which led to illicit access to its database.
4. Air India Data Breach
When: February 2021
Records Impacted: 4.5 million
Data Breached: Name, passport, credit card details, birth dates, contact information, passport information, ticket information, and Air India’s frequent flyer data
Recently, one of India’s premier national airlines, Air India, revealed that it sustained a sophisticated data breach in February 2021. The breach impacted over 4.5 million of its passengers globally and was attributed to a compromise in its data management service provider SITA Passenger Service System (SITA PSS).
SITA PSS, which is responsible for storing and processing the personal information of Air India passengers, leaked nearly a decade’s worth of critical passenger information to the threat actors. However, the company said that there were no signs of any misuse of users’ leaked data and urged passengers to update their passwords at the earliest to avoid any security risks. SITA provides services to several global airlines, and hence the Star Alliance and One World airline groups were also impacted by this data breach.
5. Juspay Data Leak
When: January 2021
Records Impacted: 35 million
Data Breached: “non-anonymized” customers’ user metadata information containing email IDs and phone numbers
On January 3, 2021, Rajaharia first revealed the findings of the Juspay data breach, stating that the data of 10 crore (100 million) Indian cardholders was up for sale on the darknet. However, Juspay quickly corrected these numbers, stating that only 35 million records were compromised, as opposed to the claims of 100 million, which was “grossly inaccurate.”
The company further added that although 35 million credit and debit card details were leaked, they included only masked card data, meaning six digits out of 16-digit card numbers were masked (hashed). Apart from this, the only non-anonymized data leaked during the breach was plain-text email IDs and phone numbers. When Juspay’s incident response team investigated the incident, it found the root cause of the mega data breach to be an unrecycled access key.
Though data breaches across the globe have seen a sudden spike since the pandemic hit, growing cyberthreat incidents in India call for better security solutions from small, medium, and big businesses. Enhancing security posture and protecting customer data are more vital than ever.