Major cyberattacks and data breaches faced by India Inc in 2021

6 Dec, 2021

India’s digital growth story is attracting a lot of unwanted attention from cybercriminals as well as rogue nation-states. Though companies are stepping up spending on cybersecurity to mitigate the risks, threats have continued to grow due to poor awareness among employees and unknown vulnerabilities. Cybersecurity firm Kaspersky detected 8.3 crore cyber threats in the April-June quarter of 2021, up from 3.7 crore threats detected in the January-March quarter. In July, the Minister of State for Electronics and IT, Rajeev Chandrasekhar, told Parliament that India had seen 6.07 lakh cyber security incidents during the first half of 2021.

Here are some of the major cyber incidents and data leaks involving Indian companies in 2021.  

January 2021: Juspay customer card details leak

Data of over 100 million customers of homegrown payment processing platform Juspay was reportedly compromised, according to claims made by independent security researcher Rajshekhar Rajaharia. He claimed that an attacker had released two sets of data on the Dark Web: one contained email addresses and mobile numbers of 100 million customers, and the other had 46 million card transaction details. In its defence, Juspay said it had suffered a data breach in August 2020, but that it only impacted an isolated storage system that didn’t have any sensitive information.

March 2021: Ransomware attack on Pimpri Chinchwad Smart City servers

In March, Indian IT company Tech Mahindra, which is managing the smart city project for Pimpri Chinchwad municipal corporation, filed a criminal report about a ransomware attack that occurred on February 26. Tech Mahindra reportedly told the police that the attack occurred while the configuration process was being undertaken and that it had delayed the project by a month, resulting in an estimated loss of Rs 5 crore. City officials told the media that they didn’t lose any data due to the attack and that no ransom was paid to the attackers.

March 2021: MobiKwik customer KYC data put up for sale on Dark Web

In March, Rajaharia claimed that a large data set containing sensitive know-your-customer (KYC) data of 110 million customers linked to mobile wallet and payment company MobiKwik had been put up for sale on a hacker forum on the Dark Web. The leaked data included Aadhaar cards, credit and debit card credentials and mobile numbers of the customers. Though MobiKwik refuted any claims of a data breach, the leak was confirmed by other security researchers, including French ethical hacker Robert Baptiste (also known by the pseudonym Elliot Alderson) and Australian security researcher Troy Hunt.

May 2021: Air India customer data leaked by SITA servers

In May 2021, India’s national airline Air India said its data servers were targeted by a cyberattack and that sensitive data of 4.5 million customers around the world was believed to be compromised. The leaked data included passport details, ticket information and credit card credentials registered between August 26, 2011, and February 20, 2021. The targeted servers that carried Air India customer data were managed by Switzerland-based tech company SITA, which was started by 11 airline companies that are part of the Star Alliance.

May 2021: Domino’s India customer data surfaces online 

During the same month that the Air India breach was reported, data of 180 million customers who had ordered pizza from Domino’s India was allegedly published on the Dark Web. The unknown threat actors had published the data of customers and created a search engine on the Dark Web to help users look up their data using the Tor browser. The leaked data included names, emails, mobile numbers and location details of the customers. Jubilant FoodWorks, the company that runs Domino’s, admitted there was a breach and reiterated that customers’ financial information was safe. The breach was first reported by Israeli security researcher Alon Gal in April and was also backed by Rajaharia in May.

November 2021: PNB server vulnerability exposes financial information

Cybersecurity firm CyberX9 reportedly found a vulnerability in the exchange servers of leading public sector bank Punjab National Bank (PNB) and alleged that personal and financial information of close to 180 million customers was left exposed for 7 months. PNB admitted that there was a vulnerability, but refuted claims that customer data was exposed because of it. PNB also reportedly said that the compromised servers didn’t contain any sensitive customer information.  

Security researchers believe that the threat of ransomware and zero-day attacks is not going to subside anytime soon. According to cybersecurity firm Trend Micro, 73% of organisations in India are expecting data breaches involving customer data in the next year. Maya Horowitz, VP Research at Check Point Software, warned in a blog post, “The sophistication and scale of cyber-attacks will continue to break records and we can expect a huge increase in the number of ransomware and mobile attacks.”