Case Study On Recent Data Breach In India In 2024

Data breaches continue to be a threat on a global scale. Sensitive data from businesses and organizations in all sectors has been stolen in recent years due to data breaches.

Let’s examine the most recent data breaches that occurred in India in 2024, but first, let’s define what a data breach is. Then, we can move on to the case study.

What Is Meant By Data Breach?

When sensitive and private data—like social security numbers, bank account numbers, medical records, or professional data—like customer information, intellectual property, or financial data—is accessed by an unauthorized party, it’s referred to as a data breach.

Data breaches and cyberattacks frequently occur together, although not all cyberattacks may be classified as data breaches. The phrase “data breach” only describes security lapses in which an unauthorized user obtains access to data.  

Individuals are equally vulnerable to data breaches, in addition to large corporations and governments. The most common causes of data breaches are flaws in user behavior or technology. 

• Ashneer Grover has alleged that BharatPe stole data of 150 billion.

• BharatPe has refuted claims of data theft.

• The company CEO said Grover is retaliating because he was removed from the company. 

• 
  In a fresh battle between BharatPe and its co-founder Ashneer Grover, the former has written a letter to the NPCI alleging that the data of 150 million BharatPe users has been compromised in a data breach.Grover accused the current CEO of BharatPE, Bhavik Koladiya of data theft. He alleged that Koladiya misused his power and carried India’s biggest data theft of close to 150 million users. BharatPe has refuted claims of data theft.

Boat Data Breach (April 2024)

Data leak size: 7.5 million boAt customers.

Dark Web Price: 8 credits (around two euros).

Potential future availability: Free on Telegram.

Increased risk of financial fraud, identity theft, phone scams, and email scams.

Names, addresses, email addresses, phone numbers, and customer IDs.

ShopifyGUY claimed responsibility

MoneyControl

Indian Telecom Data Breach (Jan 2024)

Data Size: 1.8 Terabytes (estimated 750 million records, impacting 85% of the Indian population).

Dark Web Price: $3000 for the entire dataset.

Affected Parties: All major telecom providers in India.

Significance: Exposed vulnerabilities in government and telecom data security systems.

Financial loss, identity theft, cyber-attacks, and potential for future large-scale attacks.

Names, mobile numbers, addresses, and potentially Aadhaar information.

Threat actors named CyboDevil and UNIT8200

ToI

Sparsh Portal Data Leak (Jan 2024)

Affected Personnel: Primarily personnel from Kerala, India. 

Possible Cause: Malware named “lumma.” Severity: Highlighted vulnerabilities in the TCS-developed SPARSH portal.

Additional Concerns: Leaked data found on a Russian marketplace, raising possibilities of international criminal activity.

Increased risk of unauthorized access to pension accounts and potential financial loss.

Usernames, passwords, and pension numbers.

N/A

Business Standard

Hyundai Motor India Critical Data Breach (Jan 2024)

Bug Details: The bug involved web links shared by Hyundai Motor India via WhatsApp after customers had their vehicles serviced.

Exposed Information: These links, leading to repair orders and invoices in PDF format, contained the customer’s phone number.

Availability: Customer’s personal information in the South Asian market.

Current Situtaion: Hyundai Motor India reported that bug is fixed now.

Increased risk of identity theft and fraud.

Registered owner names, Mailing addresses, email addresses, phone numbers, and vehicle details (such as registration numbers, colors, engine numbers, and mileage)

N/A