India ranked sixth among the countries with the highest number of data breaches. Eighteen out of every 100 Indians have been hit by data breaches since 2004, cybersecurity company Surfshark said in a report.
India’s breach rate was 740% higher than the first quarter, as of June 1, rising from five to 42 breached accounts a minute. And an Indian Computer Emergency Response Team (CERT-In) directive could worsen the situation and put even more user data at risk, Surfshark said. The CERT-In directive orders to store and hand-over larger amounts of personal customer data upon government request.
“Since 2004, 14.9 billion accounts have been leaked, and a striking 254.9 million of them belong to users from India. This makes India sixth in the world by the number of breached users,” the cybersecurity company said in its report.
A whopping 962.7 million Indian data points have been leaked, most of them being names, passwords, and phone numbers.
Speaking on the CERT-In directive, Surfshark legal chief Gytis Malinauskas said: “Taking such radical action that highly impacts the privacy of millions of people living in India will most likely be counterproductive and strongly damage the sector’s growth in the country.”
“…collecting excessive amounts of data within Indian jurisdiction without robust protection mechanisms could lead to even more breaches nationwide.”
Lack of legislation to protect user privacy puts Indian users’ data in danger of being sold, reused, or exploited.
The government has introduced several digital-surveillance measures over the last decade. On April 28, it directed several companies to collect and store user data — names, addresses, IP addresses, contact numbers, and email. As the data collection scale widens, so will the risk for leaks, the report said.
Statistically, for every 10 leaked accounts, half are stolen with a password and Indians lose 3.8 data points per breach. The global average is 2.3.
The report attributed the reasons to user habits or data collection practices of Indian services and applications.
“The situation is extremely worrying in terms of lost data points, considering that per every 10 leaked accounts in India, half are stolen together with a password.”
The cybersecurity company also pointed to the outdated laws that required revamping.
In 2021, CERT-In handled over 1.4 million incidents involving phishing attacks, viruses, probing, and malware and showed a 21% on-year increase even if many remain unreported.