Explained: The new wave of data leaks amid WFH

As the world shifts to remote work to contain the spread of the Covid-19 pandemic, businesses are increasingly finding their data leaked on the dark web. Recently, three companies – Upstox, Domino’s India, Bizongo and JusPay confirmed data breach.  

In the case of stockbroking platform Upstox, a suspicious website, ShinyHunters, allegedly leaked 56 million KYC files, of which 2.5 million belonged to the fintech startup. The KYC files included information such as name, email, date of birth, PAN, and bank details. 

Online marketplace for B2B packaging needs Bizongo saw customer bills of its clients exposed on the internet. The affected customers include internet companies such as Jio, Cure.fit, Swiggy and Flipkart to name a few.  

While cloud migration, increase in remote working and lack of cybersecurity talent remain key reasons for the increase in security attacks, human error tops the list.  

Last year, 97% of enterprises globally faced mobile threats that used multiple attack vectors, according to a report by Tel Aviv based cybersecurity company Check Point Software. The 2021 Mobile Security report, which predicts trends in malware, device vulnerabilities and in-nation state cyber-attacks also said that about 46% of all organisations had at least one employee who downloaded a malicious mobile application. 

Internet security researcher Rajshekhar Rajaharia had earlier told TechCircle that the target customers of such data are often rival companies who want an idea of their peers’ internal business models. But primarily, the hackers use the leaked data to blackmail companies and ask for ransom, like the case of MobiKwik and Upstox. 

“Upstox was asked for $1.2 million in ransom and even MobiKwik was asked for around Rs 60 lakh,” Rajaharia said. 

So, what are the key causes of such large-scale breaches and how can internet users protect their data? Watch the video to know more.