Case Study On Recent Data Breach In India In 2024
Data breaches continue to be a threat on a global scale. Sensitive data from businesses and organizations in all sectors has been stolen in recent years due to data breaches.
Let’s examine the most recent data breaches that occurred in India in 2024, but first, let’s define what a data breach is. Then, we can move on to the case study.
What Is Meant By Data Breach?
When sensitive and private data—like social security numbers, bank account numbers, medical records, or professional data—like customer information, intellectual property, or financial data—is accessed by an unauthorized party, it’s referred to as a data breach.
Data breaches and cyberattacks frequently occur together, although not all cyberattacks may be classified as data breaches. The phrase “data breach” only describes security lapses in which an unauthorized user obtains access to data.
Individuals are equally vulnerable to data breaches, in addition to large corporations and governments. The most common causes of data breaches are flaws in user behavior or technology.
Now that we know how serious this is, let’s look at some actual instances. A look at some of the documented breaches in India in 2024.
Reported Data Breach in India
With 5.3 million compromised accounts, India came in fifth place internationally last year out of 299.8 million compromised accounts worldwide. The following are the major data breaches that occurred in 2024:
| Organization | Details | Impact | Data Exposed | Hacker | Source |
| Boat Data Breach (April 2024) | Data leak size: 7.5 million boAt customers. Dark Web Price: 8 credits (around two euros). Potential future availability: Free on Telegram. | Increased risk of financial fraud, identity theft, phone scams, and email scams. | Names, addresses, email addresses, phone numbers, and customer IDs. | ShopifyGUY claimed responsibility | MoneyControl |
| Indian Telecom Data Breach (Jan 2024) | Data Size: 1.8 Terabytes (estimated 750 million records, impacting 85% of the Indian population). Dark Web Price: $3000 for the entire dataset. Affected Parties: All major telecom providers in India. Significance: Exposed vulnerabilities in government and telecom data security systems. | Financial loss, identity theft, cyber-attacks, and potential for future large-scale attacks. | Names, mobile numbers, addresses, and potentially Aadhaar information. | Threat actors named CyboDevil and UNIT8200 | ToI |
| Sparsh Portal Data Leak (Jan 2024) | Affected Personnel: Primarily personnel from Kerala, India. Possible Cause: Malware named “lumma.” Severity: Highlighted vulnerabilities in the TCS-developed SPARSH portal. Additional Concerns: Leaked data found on a Russian marketplace, raising possibilities of international criminal activity. | Increased risk of unauthorized access to pension accounts and potential financial loss. | Usernames, passwords, and pension numbers. | N/A | Business Standard |
| Hyundai Motor India Critical Data Breach (Jan 2024) | Bug Details: The bug involved web links shared by Hyundai Motor India via WhatsApp after customers had their vehicles serviced. Exposed Information: These links, leading to repair orders and invoices in PDF format, contained the customer’s phone number. Availability: Customer’s personal information in the South Asian market. Current Situtaion: Hyundai Motor India reported that bug is fixed now. | Increased risk of identity theft and fraud. | Registered owner names, Mailing addresses, email addresses, phone numbers, and vehicle details (such as registration numbers, colors, engine numbers, and mileage) | N/A | Techcrunch |
| Data breach of FreshMenu (Jan 2024) | Data Exposed: Over 3.5 million order details Cause: Unprotected 26GB MongoDB database (missing password). | Increased risk of identity theft, phishing attacks, and targeted scams. | Device information, email addresses, names, phone numbers, physical addresses, and purchase history | N/A | Techcircle |
| Data breach of UP Marriage Assistance Scheme site (Jan 2024) | Over 250 fraudulent applications submitted within two days. Funds transferred from accounts of 196 individuals. Fraud Amount: Over Rs 1 crore (Rs 1,07,80,000). Target: Uttar Pradesh’s Marriage Assistance Scheme web portal. Affected Portals: UPLMIS.in and sna.uplmis. | Double payments to ineligible beneficiaries. Compromised ID of the Additional Labour Commissioner. Exploited connection to Uttar Pradesh Building and Other Construction Workers Welfare Board’s portal (which administered the scheme). | N/A | N/A | India Today |
| Data breach of documents containing data from EPFO, Indian PMO, and other public and private organizations | Leak Platform: Documents purportedly leaked on social media platform X (formerly Twitter). Data: No confirmation of what data was leaked (claims by attackers only). Current Situation: No concrete evidence of a breach beyond attackers’ claims. | Potentially Affected Entities:Prime Minister’s Office (PMO)Employees’ Provident Fund Organisation (EPFO)Other public and private organizations (unspecified) | N/A | N/A | Economic Times |
Conclusion
The growing cyber challenges we confront are brought to light by recent data breaches in India. Organizational cybersecurity measures need to be studied, with an emphasis on transparency, quick incident response, and proactive protection.
To further protect individual privacy and ensure that organizations are held responsible, a carefully planned Data Protection Law with strong enforcement measures is essential.
Cybervie is a professional cybersecurity company that provides services in network security, application security, cloud security, and general cybersecurity solutions like SOC and SIEM. Our proficiency in several domains of cybersecurity enables our clients to protect their digital assets from possible threats and maintain an upper hand on security issues.
