At least 18 out of every 100 Indians have been affected by data breaches since 2004, making India sixth in the world by the number of breached users, a new report revealed on Monday.
As of June 1, India’s breach rate was 740 per cent higher than the first quarter (Q1) this year, rising from five to 42 breached accounts per minute.
Indian users’ data may become increasingly endangered as the new directive from the Indian Computer Emergency Response Team (CERT-In) calls companies to extensive data collection within Indian jurisdiction, putting even more of users’ data at risk to be breached, according to cybersecurity company Surfshark.
“Since 2004, 14.9 billion accounts have been leaked, and a striking 254.9 million of them belong to users from India. This makes India sixth in the world by the number of breached users,” the report mentioned.
A striking 962.7 million Indian data points have been leaked so far, most of them passwords, names and telephone numbers.
The new CERT-In directive orders to store and hand-over larger amounts of customers’ personal data upon request.
“Taking such radical action that highly impacts the privacy of millions of people living in India will most likely be counterproductive and strongly damage the sector’s growth in the country,” said Gytis Malinauskas, Legal Head at Surfshark.
Ultimately, “collecting excessive amounts of data within Indian jurisdiction without robust protection mechanisms could lead to even more breaches nationwide,” Malinauskas added.
Lack of privacy legislation puts India’s users’ data in danger of being sold, reused or exploited in offenses.
Over the last decade, the government has introduced several digital-surveillance measures. On April 28, it directed a number of companies to collect and store users’ data — names, addresses, contact numbers, email, and IP.
As the scale of data collection widens, so does the risk for it to be leaked from databases.
In a country that has lost over 962.7 million peoples’ contact details to data breaches over the past 18 years and lacks strong data protection laws, this poses serious cybersecurity concerns, the report noted.
Statistically, per every 10 leaked accounts in India, half are stolen together with a password and Indians lose 3.8 data points per data breach, while the global average is only 2.3.
Some of the reasons for this could be user habits or data collection practices of Indian online services and applications, the report said.
“The situation is extremely worrying in terms of lost data points, considering that per every 10 leaked accounts in India, half are stolen together with a password,” the findings showed.
Current legal acts are outdated and require revamping, and digital privacy continues to weaken with newly introduced bills.
Additionally, Indian internet users are also being increasingly targeted by cybercriminals.
In 2021, the CERT-In team handled over 1.4 million incidents involving phishing attacks, probing, viruses, malware, and others, and showed 21 per cent increase compared to 2020 even if many remain unreported.