A look at data breaches, cyberattacks India saw in 2019

A CIO survey found that 69 per cent of Indian organisations are at risk of data breaches. Data breaches cost Indian organisations an average of around Rs 12.8 crore, from July 2018 to April 2019, as per an IBM report. India ranked 15th in terms of ‘total cost of breach’, as mentioned in the 2019 Cost of a Data Breach Report.

Here are major data breaches that slewed the cybersecurity technology in 2019.

Aadhaar details leak

Information of 6.7 million LPG brand- Indane’s users was leaked, as revealed by French cybersecurity expert- Anderson, who highlighted the loopholes in Aadhaar database security. The beginning of the year witnessed breaching of personal data - names, addresses and Aadhaar numbers of the users.

Aadhaar data of thousands of farmers’ was compromised this year. The leaked database included private information of Andhra Pradesh farmers like mobile numbers, caste, village division, and their Aadhaar number, as reported by French cybersecurity expert- Baptiste Robert. The government had leaked the data in 2018 too. Another case of leaked Aadhaar details had TechCrunch claiming that the Unique Identification Numbers (UIN) of 1,66,000 government workers were left exposed, without a password on Jharkhand government’s website.

Malware attack on Kudankulam Nuclear Power Plant (KKNPP)

On October 20, authorities confirmed that India's largest nuclear power station in Kudankulam fell victim to a cyber spy attack, by the North Korean hacker group- Lazarus. They were allegedly willing to grab information on thorium-based reactors, an alternative to uranium. However, The National Power Corporation of India (NPCI) initially denied the news but later admitted that one of the computers may have been sabotaged. The malware ‘Dtrack’ took advantage of the loopholes in security systems. The attack on KKNPP reflected that a multi-layered defence system is required to shield from the new trend of ‘cyberattacks’.

Indian journalists, activists spied on by Israeli spyware Pegasus

Scores of academicians, lawyers, activists and journalists in India were informed by WhatsApp that they were under scrutiny, which sparked a furore among them.

WhatsApp alleged that the NSO Group built and sold a hacking malware that took advantage of a flaw in the servers. The spyware, called Pegasus helped government spies to hack into phones of around 1,400 users, spread across four continents. Pegasus allowed spies to remotely access everything on the phone. But after the news of cyberattacks rolled out in May, WhatsApp announced updating new security features to their systems.

Facebook database leak data of 419 million users

Earlier this year, the news of malicious applications leaking personal data of Facebook and Twitter users to third parties, broke. Insecure databases revealed the phone numbers of 419 million users linked to their Facebook accounts. Facebook confirmed that millions of unencrypted passwords were stored online in plain text, as per an advisory issued by Cert-In.
Some leaked data also included the user's name, gender, and location.

Demand for stricter laws

Considering the incidents to be 'unprecedented,' the privacy experts demand stricter laws regarding online surveillance. With the onset of such cyberattacks, they predict that the hacking business could boost considerably in the next year. Thus, the government introduced Personal Data Protection Bill, 2019 which seeks to empower the government to ask companies like Facebook, Google and others for anonymised personal and non-personal data, especially when national security is involved. There is also a provision for obtaining non-personal data without consent, for government services and policy formulation.