Cyber attacks have become a significant threat in India, impacting individuals and organizations alike. With the rapid digital transformation, vulnerabilities in systems have increased, leading to numerous high-profile breaches. Cybersecurity service providers play a crucial role in addressing these challenges. Understanding these incidents is essential for developing effective strategies to combat cyber threats.
This blog highlights the 25 biggest cyber attacks in India, examining their impact and the lessons learned. By exploring these events, readers can gain valuable insights into the current cybersecurity landscape and the importance of safeguarding sensitive information.
In August 2022, BharatPay, a digital financial services provider, experienced a serious data breach exposing the personal data of around 37,000 users. The leaked information included sensitive details such as usernames, hashed passwords, and transaction data from its backend database. The incident, which spanned several years of data, underscores the vulnerabilities in the fintech sector and the critical need for enhanced security measures to protect customer information.
In September 2022, the Swachh City platform, associated with the Swachh Bharat Mission, was hacked, compromising the data of approximately 16 million users. The attackers, known as LeakBase, accessed critical information such as email addresses, password hashes, and phone numbers, which were later offered for sale on the Dark Web. The breach poses risks for phishing attacks and other cybercrimes, showcasing vulnerabilities in government platforms that handle citizen data.
In December 2022, the All India Institute of Medical Sciences (AIIMS) suffered a significant cyberattack, leading to the encryption of about 1.3 terabytes of data across five servers. The incident was attributed to unauthorized network access, exacerbated by inadequate network segmentation. While no ransom was demanded, the attack underscored vulnerabilities in critical healthcare infrastructure. Fortunately, e-Hospital data was restored from an unaffected backup, and application functionalities were reinstated within two weeks.
RailYatri, an e-booking service for Indian Railways, faced a data breach in December 2022 that resulted in over 30 million user records being compromised. The breach was revealed when a threat actor leaked the data on a cybercrime forum, although RailYatri claimed that no sensitive customer data was accessed. This incident highlighted the ongoing cybersecurity challenges faced by online platforms in the transportation sector.
In December 2022, CloudSEK, an Indian cybersecurity firm, suffered a targeted breach aimed at damaging its reputation within the cyber threat intelligence community. The attackers claimed to have accessed sensitive information, including source codes and client data, although CloudSEK denied these allegations. The breach revealed vulnerabilities in the company’s internal security practices and served as a reminder of the constant threats faced by organizations in the cybersecurity sector.
Zivame, a popular online platform for women’s wear in India, experienced a major data breach affecting around 1.5 million customers. The personal information, including names, email addresses, and phone numbers, was offered for sale online for $500 in cryptocurrency. Investigations revealed the seller provided a sample dataset as proof of the breach, emphasizing the risks associated with personal data exposure in e-commerce platforms.
Motilal Oswal Financial Services experienced a cyber incident linked to the LockBit group, known for extortion tactics. Although the attack involved malicious activities detected on employee systems, the company reported no disruption to operations. The issue was promptly addressed, and services continued as normal, emphasizing the resilience of its IT environment.
Polycab India Limited, a leading wires and cables manufacturer, reported a ransomware attack targeting its IT infrastructure. Compliant with SEBI regulations, Polycab confirmed that while the attack occurred, its core systems and manufacturing operations remained unaffected. The company is collaborating with cybersecurity experts and law enforcement to enhance its security measures and investigate the incident further.
Sun Pharmaceutical Industries, a major player in the Indian pharmaceutical sector, faced a cyberattack that disrupted its operations. While the company disclosed the breach to stock exchanges, details regarding the perpetrator and extent of the data compromised remain unclear. This incident marked the third significant attack on an Indian drugmaker, raising concerns about the security of critical healthcare infrastructure and the potential impact on patient safety and data integrity.
In May 2023, the MoChhatua app, aimed at digitizing ration distribution in Odisha, was reportedly breached, exposing sensitive user data such as names, emails, and passwords. A hacker claimed responsibility on a forum, sharing screenshots of the compromised data. Despite attempts to verify the breach with the Odisha state government, no official confirmation was provided, raising concerns about the security of government applications and the sensitive data they handle.
In April 2023, a massive data breach affected over 66.9 crore individuals and organizations, prompting the Cyberabad Police to investigate. Notices were issued to 11 organizations, including banks and IT firms, linked to the unauthorized access and theft of personal and confidential data. The breach raised alarms about the security practices of various sectors and highlighted the need for stringent measures to protect sensitive information.
In April 2023, Rentomojo, an online rental platform, fell victim to a data breach, risking the personal information of its users. Although the company assured that financial data was not compromised, reports surfaced of a hacking group claiming access to sensitive personal information. The breach, attributed to cloud misconfiguration, highlights the escalating threats faced by businesses in the digital rental space and the importance of robust security practices.
The SPARSH portal, developed by Tata Consultancy Services for managing pension processes for defense personnel, suffered a data breach that exposed sensitive information, including usernames and pension numbers. The compromised data, reportedly sold on the dark web, raised significant privacy concerns and led to scrutiny over the portal’s security protocols.
Hathway, a major ISP and cable operator in India, was hit by a massive data breach that exposed personal data of over 41.5 million customers. A hacker named ‘dawnofdevil’ exploited a vulnerability in the company’s content management system, resulting in the leak of over 200GB of sensitive information, which was subsequently made available on a breach forum.
The Telangana police’s Hawk Eye app experienced a data breach, exposing sensitive information of approximately 200,000 citizens. The breach, attributed to the hacker “Adm1nFr1end,” involved personal data such as phone numbers and addresses. The police were able to track the hacker and make an arrest, highlighting the importance of proactive cybersecurity measures.
Tamil Nadu police’s Facial Recognition Software portal was breached using compromised credentials, exposing over 6 million records. Although the breach did not directly compromise the data, it raised significant concerns regarding security practices within the department. Investigations are ongoing, with the relevant authorities alerted to the incident.
The NDMA of India faced a data breach that compromised the personal data of 93,000 volunteers. The hacker, using the alias “infamous,” claimed to have accessed and offered the data for sale on the dark web. Although NDMA’s website showed no signs of a breach, volunteers were advised to be vigilant against identity theft and fraud.
Consumer electronics brand boAt experienced a significant data breach, revealing the personal information of over 7.5 million users. Allegedly executed by a hacker known as ‘ShopifyGUY,’ the breach involved the leak of sensitive data, including names and email addresses, which was subsequently shared on dark web forums. boAt has acknowledged the incident and initiated an investigation.
Hyundai Motor India recently rectified a data breach linked to vulnerabilities in web links shared via WhatsApp. The exposed data included customers’ personal information and vehicle details. The company has since addressed the issue and reaffirmed its commitment to protecting customer data.
On February 27, Burger Singh’s website was hacked by the group ‘Team Insane PK,’ leading to a defacement incident fueled by a controversial promo code, ‘FPAK20.’ In an unexpected twist, Burger Singh decided to embrace the graffiti for a day, playfully calling it an “open mic night for hackers,” showcasing a unique response to the cyberattack.
In early 2024, WazirX, a prominent Indian cryptocurrency exchange, faced a significant data breach when one of its multisig wallets, managed by Liminal’s custody services, was compromised, resulting in the theft of over $230 million. Despite strong security measures, attackers exploited discrepancies in transaction data to gain unauthorized access. WazirX has since halted deposits and initiated recovery efforts for the stolen funds.
The hacker group Transparent Tribe targeted critical sectors within India’s government and defense industries, using phishing emails to gain access to sensitive systems. The attacks were particularly focused on the Department of Defense Production, highlighting ongoing vulnerabilities within vital sectors.
Bharat Sanchar Nigam Limited (BSNL) suffered a major data breach, exposing sensitive information of millions of users, including IMSI numbers and SIM card details. The attack, attributed to a hacker named ‘kiberphant0m,’ involved the theft of over 278 gigabytes of data, which was offered for sale on the dark web. The government has since formed an inter-ministerial committee to audit telecom networks and bolster security.
In early 2024, an espionage campaign aimed at the Indian energy sector was uncovered, utilizing modified malware to collect sensitive data. The attackers exfiltrated 8.81GB of information, indicating a serious threat to the infrastructure of government and private energy companies, showcasing the importance of robust cybersecurity measures in critical sectors.
A cyber fraud involving over Rs. 1 crore occurred after hackers compromised the Uttar Pradesh Marriage Assistance Scheme website. By exploiting the login ID of the Additional Labour Commissioner, unauthorized payments were made to ineligible candidates. Authorities have launched an investigation to recover the funds and prevent future breaches.
The cyber attacks that have plagued India serve as stark reminders of the vulnerabilities that exist within our digital infrastructure. Each incident has revealed critical lessons that organizations and individuals can apply to bolster their cybersecurity measures:
To combat the growing threats posed by cyberattacks, organizations, particularly in critical sectors, must adopt a proactive approach to enhance their cybersecurity posture. Here are essential recommendations that Sattrix InfoSec advocates for bolstering security measures:
Cybersecurity is not just a technical issue; it’s a critical business imperative. The cyberattacks faced by various sectors in India serve as stark reminders of the vulnerabilities that exist. By adopting the recommendations discussed, organizations can take proactive steps to enhance their cybersecurity measures and protect against future threats.
The top five cyber crimes in India include:
The latest significant attack targeted WazirX in early 2024, resulting in the theft of over $230 million from its multisig wallet.
The WannaCry ransomware attack in May 2017 is the largest, affecting hundreds of thousands of computers across 150 countries.
India is the third most targeted country for cyber attacks globally, following the US and China, with thousands of incidents occurring daily.