Recently, e-grocer BigBasket landed in trouble when it accidentally put the data of over two crore users at stake. The leaked data includes sensitive information such as full names, email IDs, password hashes, contact numbers, addresses, and more on the dark web. A hacker has put the data on sale for around Rs 30 lakh said by US-based cyber intelligence firm Cyble. Confirming tthe breach, BigBasket said that they are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts.
Concerned with the recent spate of cyber breaches ranging from that on Prime Minister Narendra Modi's personal website to e-commerce companies, the government is working towards tightening data storage and security norms to avoid any major incident that can put citizens' data at risk. To check data breach of digital companies about their protocols a joint Parliamentary panel had last week sought details separately. "We are concerned by the breach of data from e-commerce and other companies. There will of course be follow-up actions in the regulatory space to see to it that customer data is kept safely by companies and financial institutions," said a senior government official.
"We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book," it said. Cybersecurity experts say it is nearly impossible to pull down data once available on the dark web. "Data security remains one of the last priorities for many e-commerce companies despite the Data Protection Bill, 2019 tabled by the government last year. Worse is that government apps and websites are more vulnerable to cyber breaches," said a senior executive at a leading cybersecurity firm. According to Nasscom's Data Security Council of India report 2019, India witnessed the second-highest number of cyber attacks in the world between 2016 and 2018.