Are you leading a small organization and think data security is a sector not worth to invest? Then this blog is for you. I think your idea will change when you read the blog to the end.
Indian Business Firms Are Reluctant to Invest In Data Security Plans
The Indian business market is dominated by small to medium businesses, and malware attacks threaten a large portion of them. Small businesses think that their team size won’t attract attackers, and for this reason, they are not ready to invest a part of their operational expenses into data security. Moreover, the businesses are not ready to develop an incident response plan, and so when an attack happens, they become clueless about their next step.
3 Major Data Leak Incidents in India
1.Juspay Data Leak
Date: August 2020
Impact: 3.5 crore user data including masked-card data and card fingerprint
Monetary Value: The data was offered for selling on the dark web in exchange for $8000
Company Intro: Juspay is a tech company that provides digital solutions to mobile payers. Though this is not a payment gateway, it works with the other payment gateway through its mobile payment browsers. Juspay is associated with some of the most notable online portals, including Amazon, Swiggy, Ola, BookMyShow, and Mobikwik.
Incident: The company was alerted by an unusual user increase in one of the servers of its’ payment system. After the discovery, the company closed the intrusion point by closing the server. After that, they conducted a thorough data audit and found that almost 3.5 crore users data were leaked. Later it is found by a cybersecurity analyst that more than 10 crores of user\’s data have been accessed by the attackers, and they were offered for selling on the dark web.
2. Unacademy Data Breach
Date: January 2020
Impact: 2 crore users data including last name, first name, phone number, Facebook ID, DoB.
Monetary Value: The data was offered on the dark web for selling in exchange for $2000
Company Intro: Unacdemy is one of the biggest online educational platforms in India
Incident: On 3rd May 2020, a US-based data security firm called Cyble found that hackers got access to the whole database of Unacademy, and in the most probable cause, retrieved the entire data of the database. After retrieving the data, they offered to sell users\’ data on the dark web at that time. But more concerning is that they got access to the other data as well and can use them in the future for malicious purposes.
3. Upstox Data Breach
Date: April 2021
Impact: Minimum of 25 lakh users\’ data was accessed by the attackers, including Aadhar number, PAN number, and bank details that have soft copies of KYC with signature (The company did not disclose the exact figure).
Monetary Value: The attackers asked for $1.2 million ransoms in the dark web.
Company Intro: Upstox is a mobile-based trading application platform that provides users the opportunity to trade in equities, commodities, and currencies for BSE, NSE, and MCX.
Incident: The incident came to light when the spokesperson of Upstox stated that the company had revised its internet security strategy after getting emails mentioning unauthorized access to their database. Even though the broker confirmed that it upgraded its security system by revising the security measures, but the damage was already done.
The companies working with the user’s data need to work with a robust security system and conduct regular data audits to avoid monetary loss and reputational damage.