Just one month into the year, some of these Indian organizations didn’t choose Data Protection and Security in their New Years resolution.
The scary part is that even though these organizations have been informed about these breaches of customer information, they haven’t acknowledged this not let their customers know that their data is floating around the Dark Web marketplace. It’s also surprising that these breaches don’t get enough coverage in Indian media.
Here are some of the more prolific breaches which I have come across in the past month:
If you’ve are one of the 1.2 million customers who’ve travelled on Spicejet, your name, email and phone numbers have been breached. They were left in a web exposed database with an easily guessable password! Apparently, till the security researcher contacted CERT-In, SpiceJet didn’t take any action, even though they were informed about this earlier. (source)
If you’ve ever bought mobile cases or accessories from the online retailer DailyObjects, personal information of customers has been breached which include, name, email, mobile number and physical addresses. I was notified of this by Have I been Pawned, a service I subscribe to, to let me know of breaches. However, there has been no notification from this retailer about this breach.
Indian Health Care Providers
Quite a few health care records and Xray and scan images have been left exposed on the internet by Health Care providers in India – these include some bigger known names like Breach Candy Hospital. These have mostly been due to bad password policies and server misconfigurations which caused sensitive data like this to be left exposed to the internet. (source)
Data which were leaked include, the patient’s name, their ID numbers, date of birth, medical history, medical images, physician names and more. Quite a lot of personal information which you’d not want reaching the wrong hands.
Just to give you an idea of the number of records which have been exposed, here’s the numbers from the report which security research company Greenbone published.
This is a sizable chunk of data getting breached in just the first month of the year. Let’s see whether the situation improves over the year as companies get more security focussed. If you’ve come across other breaches do let me know by leaving a comment.