wordpress blog stats
Connect with us

Hi, what are you looking for?

Exclusive: Over 30 data breach incidents reported in India since the year began

Aside from data breaches, India’s IT security agency was also alerted to cybersecurity incidents that were greater in number.

You are reading it here first: Between January and June 2021, 30 data breach incidents were reported to the Indian Computer Emergency Response Team, a response to an RTI filed by MediaNama has revealed. This new disclosure by the nodal agency comes after incidents at Pine Labs, Dominoes, Air India, etc., have compromised the data of millions of Indians in the last few months.

As per the information reported to and tracked by Indian Computer Emergency Response Team (CERT- In) a total number of 30 suspected data breach incidents observed during 01.01.2021 to 30.06.2021 — RTI response

CERT-In also revealed that it has taken cognisance of the breach at Pine Labs and said that the matter was currently under investigation.

Earlier this year, a petition was filed in the Delhi High Court alleging inaction by CERT-In against various cybersecurity incidents reported to it. Meanwhile, India is still awaiting its new National Cyber Security Strategy which has been in the works since 2019.

What took place at Pine Labs?

Pine Labs is an Indian merchant company that provides financing and last-mile retail transaction technology. In August, Pine Labs was attacked by a ransomware group called BlackMatter which has emerged as a new hacking group that extorts huge sums of money. According to an investigation by Cyble Research Lab, 5,00,000 unique records including sensitive information such as phone, name, and email ids were accessed.

In its response, CERT-In said that it had published an advisory regarding data breaches in January 2021 which contained recommended best practices such as conducting cybersecurity training for employees, setting up reporting and incident response processes, keeping software and services updated, etc.

Advertisement. Scroll to continue reading.

More number of cybersecurity incidents in first half of 2021

In July, the Ministry of Electronics and Information Technology revealed in Lok Sabha that CERT-In observed a total of 6,07,220 cybersecurity incidents in the first half of 2021.

What is considered a cybersecurity incident? According to the Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013, a cybersecurity incident is any event related to cybersecurity that resulted in a breach of security policies and unauthorised access, denial of service or disruption, unauthorised use of a computer resource for processing or storage of information or changes to data, and so on.

What is considered a data breach? A breach instead is defined as the unauthorised acquisition or use by any entity of data that compromises the confidentiality, integrity, or availability of information maintained in a computer resource.

CERT-In policy on reporting data breaches

At present, security incidents and vulnerabilities can be reported to CERT-In by contacting the agency (through email, phone, or fax) and providing details. However, a recent update to its Responsible Vulnerability Disclosure and Coordination Policy laid down that incident reporters could be held liable for the methods through which they discovered a vulnerability.

“Reporting a vulnerability to CERT-In does not imply being exempt from compliance. Discloser shall be responsible for any action performed by her/him discovering the vulnerability whatsoever,” the policy read.

Cybersecurity researchers and experts have criticised the update, saying that it was equivalent to ‘shooting the messenger’ and could impede such reporting.  Last week, the digital rights group Internet Freedom Foundation wrote to CERT-In, raising concerns about researchers’ potential reluctance in reporting vulnerabilities in the future and asking for a change in policy.

Advertisement. Scroll to continue reading.

Also read:

Have something to add? Post your comment and gift someone a MediaNama subscription.

Written By

I cover health technology for MediaNama, among other things. Reach me at anushka@medianama.com

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ