Biggest Cyber Breaches in India

We live in the digital era. Now, almost everything is possible online as every other organization is going digital to grow its business. However, with digital well-being comes the threat of a cyber breach. As per a report, India ranks third globally in terms of cyber breaches with 86 million cyber breaches in 2021. Here are some of the biggest cyber breaches that took place in India between 2019 and 2021.

Read more

Please share some basic details

Step 1/2
Are you buying the policy for?
Or Contact us on: 1800-309-0988
Get Updates on WhatsApp
By clicking on "" you agree to our Privacy Policy and Terms Of Use, and also provide us a formal mandate to represent you to the insurer and communicate to you the grant of a cover.

Just a step away from the quotes
Step 2/2

Popular Cities

Are you buying Cyber Insurance policy for the first time?
Or Contact us on: 1800-309-0988
Get Updates on WhatsApp
By clicking on "" you agree to our Privacy Policy and Terms of Use, and also provide us a formal mandate to represent you to the insurer and communicate to you the grant of a cover.

SBI Data Breach (January 2019)

A security researcher anonymously revealed that the largest bank in the country State Bank of India did not protect a server with a password. SBI Quick is a free service that provides customers with their recent transactions and account balance information over text messages. Over 3 million text messages were sent to the customers.

JustDial Data Breach (April 2019)

JustDial is a local search service platform that provides you the information related to anything. JustDial has to face a data breach in April 2019. In this data breach, more than 100 million users' data was compromised and it was made publically available. The data includes names, mobile numbers, email IDs, date of birth, gender, and addresses. It was revealed by an independent security researcher on a Facebook post.

Healthcare Records Breach (August 2019)

FireEye is an Enterprise security firm. The firm revealed that hackers have breached and stolen information about 68 lakh patients and doctors from an Indian healthcare website. As per FireEye, the hack was perpetrated in China and the name of this hacking group is Fallensky519. 

The hacker group sold the healthcare records on the dark web and some of the information related to patients and doctors were available for USD 2000.

Unacademy Data Breach (May 2020)

Unacademy is an online education platform. It was founded in 2015 and was backed by investors such as Facebook, Blume Ventures and Sequoia India. The company disclosed that a cyber breach took place that compromised the accounts of 22 million users registered on their website. A cyber security firm called Cyble revealed that data such as usernames, email addresses and passwords were put on the dark web for sale.

Bigbasket For Sale on Dark Web (October 2020)

Big Basket is an online grocery platform. According to the cyber intelligence firm Cyble, BigBasket has been put on sale in an online cybercrime market. Also, a part of a database that includes personal data of almost 20 million users was available at USD 40,000.

Cyble validated the data that was up for sale with BigBasket and reported the breach to BigBasket on November 1. The data included names, PINs, mobile numbers, email IDs, date of birth, IP addresses and locations. 

Juspay for Sale on Dark Web (January 2021)

Juspay is an online platform that was designed to be used for mobile-based payments. Juspay revealed in January 2021, that data included masked card data and card fingerprints of 35 million customers were hacked from a server. The data was hacked using an unrecycled access key. The data was set for sale on dark web for USD 5000 as per cyber security researcher Rajshekhar Rajaharia.

Covid-19 Test Results of Indians (January 2021)

Indian government leaked Covid-19 lab test results of around 1500 Indian patients. The thing to worry about here is that the data was not put on sale on the dark web but made publicly available owing to Google indexing. 

It was first reported by BleepingComputer, the PDF reports were leaked showed up on Google. These PDF files were hosted by Government agencies’ websites that used “gov.in” and “nic.in” domains. Later these agencies ere found to be located in New Delhi.

The leaked data included Names, DOB, test dates and the center they got tested. Also, the structure of the URLs indicated that the CMS system on which the reports were hosted was the same as the government uses for posting documents that are accessible by anyone.

Senior director of OneLogin Niamh Muldoon said that what is being witnessed here is the failure teach employees how to build software and then test and access it also platforms that run and store the information such as patients data.

He further added that the Government must take quick safety measures to decrease the risk of similar data breach from happening and invest in security programs with trusted security platform providers.

Police Exam Applicants Data (Februrary 2021)

Information of over 5,00,000 applicants identifying information related to their personality was put on sale on the forum of database sharing. It was tranced by CloudSEK which is a threat intelligence firm. The data was traced back to an Indian police exam that was conducted on December 22, 2019.

The seller shared the data of over 10,000 candidates with CouldSEK.The data shared included Names, DOB, email IDs, mobile numbers, FIR records along with the criminal history of the candidates. Later on, after the analysis of leaked data, it was revealed that most of the candidates were from Bihar. When the threat-intel firm matched the mobile number with the candidate names, it came out that the hacked data was authentic.

Upstox Reset Passwords (April 2021)

Upstox is an Indian trading platform. In April 2021, the company acknowledged a cyber breach of KYC data. Since KYC data can be used for identity theft by hackers, the data was gathered by financial service companies that confirmed the identity of the customers and to prevent money laundering and fraud.

On April 11, the company told the customer that they will change the passwords and take other safety measures as soon as they got a warning in an email that the contact data and KYC data might have been compromised, which were stored in a third-party warehouse.

Later, the company Upstox apologized to the customers and told them that they have reported this incident to the enhanced securities and boosted their bug bounty program to call out ethical hackers who will test the system.

Domino’s India (April 2021)

Information related to customers over 180 million orders of Domino’s India were put up for sale on the dark web. CTO of cyber intelligence firm Hudson Rock, Alon Gal revealed it. He also said that someone asked for 10 bitcoin which costs Rs 4 crore for 13 terabytes of data that included credit cards records of 1 million people along with the details of 180 million pizza orders. The data included names, email IDs and contact numbers as well.

Alon Gal shared the screenshot that showed the hackers claiming to have details of over 250 employees of Domino’s India along with their outlook mail dating back to the year 2015. Jubilant Foodworks is the parent company of Domino’s India told IANS about the information security incident however denied that their customer’s financial information was also breached as they do not store credit card details.

Air India Cyber Breach (May 2021)

In May 2021, data from Air India airline was breached and over 4.5 million passengers' personal data was compromised. The leaked data was collected between Aug 2011 and Feb 2021. The incident was revealed by the airline data servicer provider SITA. Passengers did not hear about the incident till March. The attack on SITA’s passenger service system not only affected Air India but also airlines such as Lufthansa, Cathay Pacific and Malaysia Airlines.

Importance of Cyber Insurance

When the data of such big companies are not safe then you can understand the importance of a cyber insurance policy. However, it would not bring back the breached data but it can provide financial aid along with assistance in case you get stuck in any legal consequence.

Conclusion

These were some of the biggest cyber attacks that took place in India between 2019 and 2021. Cyber attacks are inevitable hence protecting online data with cyber insurance becomes vital. Make sure that your data is insured so that you do not have to bear the whole burden alone.

Written By: PolicyBazaar - Updated: 18 January 2023

Cyber insurance news

Latest News
Reddit Hacked in a Targeted Phishing Attack

14 Feb 2023

On February 5, Reddit confirmed hackers tried to access their internal information and source code through a highly targeted phishing attack.
Read more
Christopher Slowe, CTO of Reddit, revealed the company was able to recognize sophisticated attacks targeting Reddit employees. He said that an unidentified attacker message sent 'plausible-sounding prompts’ that redirected the company's employees to an internet portal that impersonated to be Reddit. The hackers tried to steal employees' credentials & two-factor authentication keys. The hackers accessed some internal documents, source codes, dashboards, and business systems. However, Reddit recognized the security breach, cut off the access, and started an internal investigation. They also said there is no evidence of personal or non-public data breaches, publication, or online distribution. Furthermore, they are investigating & monitoring the situation to enhance their security system.
FM Nirmala Sitharaman announces Set up of 3 Artificial Intelligence Centres of Excellence

03 Feb 2023

Finance minister Nirmala Sitharaman presented the Union Budget FY 2023 on February 1, 2023. The Finance Minister announced the establishment of 3 artificial intelligence centres for excellence under
Read more
the initiative of “Make AI in India”. Set up of these AI centres will take place in top educational institutes. “Make AI work in India” is an initiative and a focus area of the Modi Government. Nirmala Sitharaman also said that the government will implement the national data governance policy.
Cyber Fraudster Target Customer under Disguise of Insurance Officer

09 Jan 2023

Cyber fraudsters are targeting customers under the disguise of not a bank official but an insurance company official. In one such event, a 67 year old citizen from Thottakattukara, Kochi, lost Rs 1 lakh.
Read more
He was approached by a woman name Radhika Jain who claimed to be from an insurance company. She promised the victim to make the financial settlement for the raised claim if he pays Rs 1 lakh to renew the policy. When the victim filed the complaint, Rural Cyber Police, Ernakulam, launched the investigation. The incident took place on October 29 and the fraudster claimed to be an ICICI Prudential Insurance official. The fraudster fooled the elderly person by telling them that his insurance policy has expired and the settlement cannot be made disbursement of the insurance amount. As per the Police officer, “The fraudster suggested the victim to pay Rs 1 Lakh to renew the insurance policy. If the policyholder pays the amount then he will be considered as Senior citizen and the disbursement will be done. In order to make it look genuine, the caller sent ICICI Prudential life insurance letterhead through Whatsapp.” “The fraudster promised the complainant that within 45 days the settlement of Rs 2.45 lakh will be done. The victim transferred the amount to the fraudster’s Canara bank account and once the payment was made the fraudster sent some fake documents. However, the promised settlement of Rs 2.45 lakh was not made even after 45 days.” A police officer said. After cross checking the details of transaction, the police found out that the accused was from Aligarh. Police is also probing as to how the accused got the information related to the insurance policy of the victim.
Sensitive Data of 6 Lakh Indians Stolen by Hackers and Sold at Rs. 490 each

09 Dec 2022

Out of 5 million people globally, 6 lakhs Indians have had their sensitive data stolen and sold on the bot market making India, the worst affected country.
Read more
The average cost of the digital identity of one person was Rs.490, revealed NordVPN, the world's largest VPN service provider. The stolen data include user logins, screenshots, digital fingerprints, cookies, and other sensitive information. All these data are sold in packets in the bot markets, which refer to places where hackers sell stolen data from victims' devices with bot malware. The study majorly looked into three-bot markets the Genesis market, 2Easy and the Russian Market. Out of 26.6 million stolen logins found on the bot markets, 7,20,000 were Google logins, 6,47,000 were Facebook and 6,54,000 were Microsoft logins. Moreover, 667 million cookies, 5,38,000 auto-fill forms, 81,000 digital fingerprints, multiple device screenshots, and webcam snapshots were also found by the researchers. The bot markets are distinct from other dark markets as bot markets are able to get huge amounts of information related to one person in one place. The hackers also guarantee that once the bot is sold, the data of the victim will be updated till their device is affected by that bot, stated Marijus Briedis, chief technology officer at NordVPN. Security researchers also said that not all bots come with a good purpose, many can be malicious as well. These bots operate in multiple fields like customer service, SEO and entertainment and are becoming increasingly common recently. Vidar, RedLine, Taurus, AZORult and Racoon are some of the most popular malware used to collect and steal information out of which RedLine is the most common, stated the report.
AIIMS Cyber Breach: Attackers Demand Rs 200 Crore in Crypto

06 Dec 2022

All India Institute of Medical Sciences, New Delhi, India reported a cyberattack on November 23, 2022. Later, the statement released by AIIMS said that e-hospital system
Read more
has gone down and it has affected the digital hospital services, e-billing, smart lab, appointment system and report generation. AIIMS currently manages around 2,500 beds. It is said that the data of around 2 to 3 Crore patients might have been compromised. After the incident, AIIMS shifted to manual operations to cater the patients. Also, All India Institute of Medical Sciences sought National Informatics Centre (NIC) and I-CERT to restore the digital services. The incident has been reported to Delhi Police whereas CBI and NIA have joined the investigation. AIIMS issued a new Standard operation procedure where the admission, discharge and transfer of patients will be done manually.  As per a source told Press Trust of India, “Hackers have demanded a ransom of Rs 200 Crore in crypto currency on November 28, 2022”. Later, Intelligence Fusion & Strategic Operations unit have registered the case under cyber terrorism and extortion on November 25.  Meanwhile, National Information Centre e-hospital database and application servers restored the data for e-hospital. Also, the team of NIC is cleaning and scanning infections from other e-hospital servers that are located at AIIMS hospital. These servers are required to deliver the service of the hospital. Also, four physical servers have been arranged to restore the e-hospital services and have been scanned and prepared for the applications and database. As per the source, “Sanitisation of AIIMS network is in progress. Antivirus has been installed on 1200 out of 5000 computers and 20 out of 50 servers have been scanned. This activity is going on 24*7”.

Cyber insurance articles

Recent Articles
Popular Articles
9 Ways to Protect Yourself from Cyber Crime

21 Mar 2023

As per the Indian Computer Emergency Response Team, 12.67 lakh
Read more
Cyber Insurance for Banking Finance and Insurance Industry

28 Feb 2023

Cyber insurance for the banking finance & insurance industry
Read more
Interconnected History between Cyber Insurance and Cybersecurity Policy

14 Feb 2023

Cyber insurance and cybersecurity policy are two important
Read more
The Imperative Need of Cyber Insurance for MSMEs

14 Feb 2023

In the age of digitalization, technology has become an essential
Read more
The Need for Cyber Insurance Policy in India

01 Feb 2023

Cyber attacks are becoming increasingly frequent in India and
Read more
8 Ways to Enhance Retail Store Security
Every shop owner must put in extra efforts to make their retail store as safe as possible. To create a secure
Read more
Impact of Cyber-Attacks On Insurance Industry
The cyber risks have increased after the outbreak of Covid-19. One of the main reasons behind the increment in
Read more
Role of Cybersecurity in the BFSI Sector in India
The Banking and Financial Services Industries (BFSI) sector has been one of the pioneers in adapting technological
Read more
Cyber Security for Retail: Threats & How To Avoid Them?
With the increased usage of the Internet, the number of cyberattacks has increased as well. Since retail shops
Read more
The Importance of Cyber Security Insurance: Is Cybersecurity Insurance Worth it?
In today's digital age, technology has become an integral part of our daily lives. From shopping online to banking
Read more