Data Leak

A significant percentage of citizens believe that one or more of their personal data elements are already in the public domain or in databases that have been compromised, a survey said on Monday. According to online platform LocalCircles, 87 per cent of citizens surveyed believe their personal data was leaked in the public domain. The survey claims to have received over 36,000 responses from citizens located in 375 districts of India between August 25 to February 28. However, the number of responses on each question varied. Most of the respondents have blamed telecom operators, e-commerce apps, banks and financial service providers, government departments etc for compromising their data in public domain. Of those Indians who believe their personal identification data has been leaked or in public domain, over half of them say it is either their Aadhaar or PAN card details or both that have been compromised. "Citizens whose personal data has been leaked and in public domain hold var

If confirmed, this would be the latest in a string of data leaks that have plagued the sector in recent months

The Star Health Insurance breach is just one in a series of recent data breaches affecting millions of people in India

Star also sued Telegram and hacker xenZen, after it was reported that sensitive personal data, from numbers to copies of identity cards and blood reports of customers, were publicly accessible

The personal data of 7.5 million boAt customers is a being sold at just two euros on the dark web

Files leaked on GitHub include data not only from India but from at least 80 overseas targets, including Vietnam, Thailand and Taiwan

The Department of Telecom has asked service operators for a security audit of their systems following claims by a cybersecurity firm that data of 750 million Indian subscribers has been leaked, a government official said. Cybersecurity firm CloudSEK has claimed that its researchers have found that hackers are selling 1.8 terabyte of database comprising 750 million Indian mobile consumers on the dark web. The hacker has denied any involvement in a breach and has claimed to have obtained the data through undisclosed asset work within law enforcement channels, CloudSEK said. "The DoT has asked telecom operators to get a security audit of their systems," a senior government official said. The officer, however, said that telecom operators have informally shared with the department that the leaked information claimed in the ClouSEK report seems to be a compilation of old data sets of telecom subscribers and it is not due to any vulnerability in their system. CloudSEK in its report last

Investigations into the reported data breach on the CoWIN portal have ascertained that there was no bulk data download from its beneficiary database, Union Minister for State for Health S P Singh Baghel told the Lok Sabha on Friday. The CoWIN portal of the Union health ministry already has adequate security measures and safeguards for data privacy with Web Application Firewall (WAF), Anti-DDoS and SSL/TLS (regular vulnerability assessment) identity and access management, the minister said in a written reply in the Lower House. The CoWIN portal is the repository of all data of people who have been vaccinated against COVID-19. "There were media reports of apparent breach of CoWIN data of beneficiaries who have received Covid vaccination in the country. The matter was investigated and analysed by CERT-In under the Ministry of Electronics and Information Technology and it was ascertained that there was no bulk data download from Co-WIN beneficiary database," Baghel said. In view of med

Digital platforms will need to take unconditional and informed consent from users for processing their data

Millions of US military emails were mistakenly sent to Mali; the leak has exposed highly sensitive information, including diplomatic documents, tax returns, travel details of top officers

A man was arrested and a juvenile were apprehended from Bihar in connection with their involvement in the alleged data leak from CoWIN portal, officials said on Thursday. The man is alleged to have used a Telegram app to leak the data, they said. There have been claims about a breach of data of citizens registered on the CoWIN platform, and opposition parties have asked the government to take deterrent action. The government has termed such reports "mischievous" and "without any basis" while asserting that the CoWIN portal is completely safe with adequate safeguards for data privacy. The matter was sent for a review by the country's nodal cyber security agency CERT-In, which said in its initial report, that the backend database for the Telegram bot, which is at the centre of the alleged leak, was not directly accessing the APIs of the CoWIN database. In a statement, the Union Health Ministry also said that an internal exercise has been initiated to review the existing security ...

Information like government ID numbers such as Aadhaar, passports, or PAN numbers become persuasive records, as they cannot be changed or erased for a particular individual

Govt terms breach reports on Telegram 'mischievous'

Crucial information like a person's phone number, gender, ID card information and date of birth can be received from a Telegram bot just by entering a person's name

A decade-long data breach in Toyota's much-touted online service put some information on more than 2 million vehicles at risk, the Japanese automaker said Friday. Spanning from January 2012 to April 2023, the problem with Toyota's cloud-based Connected service pertains only to vehicles in Japan, said spokesperson Hideaki Homma. The Connected service reminds owners to get maintenance checks and links to streaming entertainment and provides help during emergencies. It can call for help after a crash or locate a car that's been stolen. No issues arising from the breach have been reported so far. Although there is no evidence any information was leaked, copied or misused due to the breach, the data at risk includes: the vehicle identification number, which is separate from the license plate; the location of the vehicle and at what time it was there; and video footage taken by the vehicle, known as the drive recorder in Japan. Such information cannot be used to identify individual owne

The company conducted a survey last month about the use of AI tools internally and said that 65% of respondents believe that such services pose a security risk

As Pentagon jobs go, Teixeira's was pretty junior and his job description says workers like him "keep our communications systems up and running and play an integral role in our continuing success"

The government penalised the RailYatri app custodian company for a data leak and the app was restored after taking necessary security measures, Parliament was informed on Wednesday. Minister of State for Electronics and IT Rajeev Chandrasekhar in a written reply to the Lok Sabha said that IRCTC took action on the RailYatri app following information shared by CERT-In in December 2022. "As per information furnished by the Indian Railway Catering and Tourism Corporation (IRCTC), upon receipt of information from CERT-In in December 2022 regarding leakage of data acquired and maintained by RailYatri app, the ticket-booking facility on RailYatri app was stopped, penalty was imposed on the company which is the custodian of the RailYatri app, and the app was restored after taking necessary security measures," he said. The minister said that a total of 10, 5 and 7 incidents of data leak related to government organisations were reported for the years 2020, 2021 and 2022 respectively. "As per

A county in Washington inadvertently released nearly half a million partial Social Security Numbers when responding to a routine public records request in December, according to county officials. The Pierce County Auditor's Office, which mistakenly released the sensitive data, said in a news release that the human error was quickly spotted and that the person who received the SSN digits deleted them within two hours. The requester had not asked for the personal information. First let me say that I am incredibly sorry that this happened, Pierce County Auditor Linda Farmer said in statement. Farmer added that this was not a targeted hack, and that "we have taken steps to ensure it does not happen again. The Social Security number information was included in a routine request for publicly available voter registration data, which typically includes names, addresses and birth dates. Personally identifiable information, including Social Security number information, which can be used to ..