The latest study by cybersecurity company Surfshark has ranked India as “the 6th most breached country since the first recorded digital attacks in 2004.”
Meanwhile, the newly-introduced CERT-In law orders to store and hand-over larger amounts of customers’ personal data upon request. As the scale of data collection widens, so does the risk for it to be leaked from databases. In a country which has lost over 962.7 million peoples’ contact details to data breaches over the past 18 years & lacks strong data protection laws, this poses serious cybersecurity concerns, according to the report.
Surfshark’s data shows that since 2004, the year data breaches became widespread, 14.9 billion accounts had been leaked, of which 254.9 million belonged to users from India, according to a press release. To put in perspective, 18 out of every 100 Indians had their personal contact details breached.
Over the last decade, the Indian government had introduced a panoply of digital-surveillance measures. On April 28, it directed a number of companies to collect and store users’ data — names, addresses, contact numbers, email, and IP addresses — for up to five years & hand over the same if requested.
“Taking such radical action that highly impacts the privacy of millions of people living in India will most likely be counterproductive and strongly damage the sector’s growth in the country,” said Gytis Malinauskas, Head of Legal at Surfshark, in response to the newly-introduced India’s VPN law, in the statement. “Ultimately, collecting excessive amounts of data within Indian jurisdiction without robust protection mechanisms could lead to even more breaches nationwide.”
Global breaches are rising again. In 2022’Q1, 304 accounts were being breached every minute. In the present quarter (2022’Q2), however, breach rates are 6.7% higher. As of June 1st 2022, only two months into the quarter, India’s breach rate is 740% higher than in 2022’Q1, rising from 5 to 42 breached accounts per minute.
Additionally, Indian internet users were also increasingly targeted by cybercriminals. In 2021, the CERT-In team handled over 1.4 million incidents involving phishing attacks, probing, viruses, malware, etc, & showed 21% increase compared to 2020 even if many remain unreported. Most of these internet crimes tend to be made possible by illegally acquiring user data, such as names, emails, passwords, & IPs, which increasingly appear Online due to data breaches or leaks.
Surfshark’s data showed that Indians lost 3.8 data points per every breached account, while the global average was only 2.3. Some of the reasons for this could be user habits or extensive data collection practices of Indian Online services & applications.
