DPDP Consultants Privacyium Tech Pvt. Ltd. 4th floor, GM IT Park, Plot no 32-33, Sector 142, Noida, Uttar Pradesh 201305
Copyright 2024 © DPDP Consultants, A Privacyium Tech Pvt. Ltd. Company
DPDP Consultants, your trusted partner in ensuring Digital Personal Data Protection (DPDP Act 2023) compliance for businesses in India.
Learn about the top 5 recent data breaches in India, and how they’ll be impacted by the DPDPA enforcement.
This situation underscores the need for businesses to secure their networks, enforce strong passwords, and train employees to recognise phishing attempts, which AI is making more difficult to detect.
Forbes India reported a personal data leak of 7.5 million boAt customers, including names, addresses, phone numbers, email addresses, and customer IDs. The security breach, disclosed by hacker ShopifyGUY, occurred on April 5 and was shared on a dark web forum, exposing users to risks like financial fraud and identity theft.
Rakesh Krishnan of NetEnrich stated the hacker accessed the personal data well before it appeared on the dark web, at least a month ago. Yash Kadakia, founder of Security Brigade, noted that personal data is available on some forums for eight credits (around two euros) and may soon be free on Telegram, posing risks of phone and email scams.
Cybersecurity researchers have discovered a massive global database of 26 billion leaked records. According to Forbes, it is likely the largest security breach to date, and it has rightly been dubbed the “Mother of all Breaches”. Bob Dyachenko of Security Discovery and the Cybernews team claim to have discovered the 12-terabyte breach database containing sensitive information from sites like Twitter, Dropbox and LinkedIn, Chinese platforms like Tencent and Weibo, and other platforms like Adobe, Canva, and Telegram.
The leaked personal data includes numerous username and password combinations. While much of it is recycled from past breaches, the presence of these credentials poses a significant threat.
Resecurity, a US-based cybersecurity firm, reported that the personal information of 815 million Indians was leaked on the dark web. This personal data included names, phone numbers, addresses, Aadhaar, and passport information, with the entire breach database being sold for $80,000 by a threat actor named ‘pwn0001’.
The Central Bureau of Investigation (CBI) was investigating the breach. There were suggestions that the personal data may be from the Indian Council of Medical Research (ICMR) database.
This breach has been a major setback for the government’s digitization efforts, which rely on Aadhaar and other digital infrastructures.
The Covid-19 test data of over 81 crore Indians had allegedly been leaked and put up for sale on the dark web. This database was held by the Indian Council of Medical Research (ICMR). An American cybersecurity agency discovered the breach, which includes names, addresses, phone numbers, and Aadhaar numbers. The security breach was also advertised on X (formerly Twitter) by the hacker.
The hacker reportedly shared spreadsheets with one lakh records of personal information of Indian residents. The ICMR had also alerted the Indian Computer Emergency Response Team (CERT-In). However, it’s unclear if ICMR systems were breached or if there was another source.
These recent data breaches tell us that the need to safeguard the personal data of your customers is more urgent than ever. Here’s what each organization must do:
India’s Digital Personal Data Protection Act (DPDPA) outlines key rules and standards that help protect personal data of individuals handled/processed by organisations. Data Fiduciaries (entities responsible for determining how and why personal data is processed) are responsible for safeguarding individuals’ personal data.
Any business managing personal data in India needs to understand these duties and obligations.
Under the Digital Personal Data Protection Act (DPDPA), a data fiduciary is any entity that determines the purpose and means of processing personal data. This includes organisations of all sizes that handle personal data impacting Indian citizens.
1. Data fiduciaries must ensure the security and confidentiality of customer information held by data processors. Staff access should be limited to necessary functions only.
2. Data processors must isolate and identify each data fiduciary’s customer information, with strong safeguards like encryption to prevent mixing personal data from different entities.
3. Data fiduciaries should monitor data processors’ security practices and require disclosure of any security breaches or incidents. They must notify the Data Protection Board of India and affected individuals if a personal data breach occurs.
4. Cybersecurity incidents must be reported to CERT-In within a reasonable time frame of detection. Data fiduciaries must be notified by data processors about any security breaches or personal data leaks as soon as possible.
All Data Fiduciaries must comply with the Digital Personal Data Protection (DPDP) Act. Not following its provisions or rules can lead to hefty fines, depending on the severity of the violation.
The need to get consent from a verified parent or guardian can create logistical challenges for personal data handlers because there’s no way to determine the user’s age, especially for e-commerce sites and social platforms.
Once the Data Protection Board is established under the DPDPA 2023, it may investigate past data breaches that occurred after the act was enacted. Here’s what could happen:
The Digital Personal Data Protection Act 2023 is not just a set of rules; it’s a government mandate. Compliance requires a comprehensive framework with policies, regular audits, and assessments.
That’s where DPDP Consultants come in. Our team of privacy experts can help you automate consent, DPIAs and grievance redressal to simplify compliance and personal data management.
Personalised strategies for your organisation to understand, manage, and reduce digital personal data risks.
In addition to the DPCM tool, they offer various services and tools to help you comply with the DPDP Act efficiently.