India has become a hub for cyber-attacks, ranking as the sixth most breached country since the first recorded digital attacks in 2004, revealed a new report by cybersecurity company Surfshark. To put in perspective, 18 out of every 100 Indians had their personal contact details breached. “In a country which has lost over 962.7 million peoples’ contact details to data breaches over the past 18 years and lacks strong data protection laws, this poses serious cybersecurity concerns,” the company said in its report.
This report comes after Surfshark became the second major virtual private network (VPN) provider to shut down its servers in India in response to the country’s new cybersecurity directive which requires VPNs to store user data for a period of five years.
According to Surfshark, since 2004, over 14.9 billion accounts have been leaked and a striking 254.9 million of them belong to users from India. In 2022’Q1, 304 accounts were being breached every minute. In the present quarter (2022’Q2), however, breach rates are 6.7 per cent higher. As of June 1 2022, only two months into the quarter, India’s breach rate is now 740 per cent higher than in 2022’Q1, rising from 5 to 42 breached accounts per minute.
Surfshark’s data shows that Indians lose 3.8 data points per every breached account, while the global average is only 2.3. Some of the reasons for this could be user habits or extensive data collection practices of Indian online services and applications.
Best of Express Premium
Premium
Premium
Premium
Premium“Lack of privacy legislation puts India’s users’ data in danger of being sold, reused, or exploited in offences. While the country’s tech industry proves to be affluent, the protection of personal digital data falls short when compared with international standards. Authoritative news sources suggest that current legal acts are outdated and require revamping, and digital privacy continues to weaken with newly introduced bills,” the cyber security firm added.
Commenting on the recent VPN directives, where CERT-In directed several companies to collect and store users’ data — names, addresses, contact numbers, email, and IP addresses — for up to five years and hand over this information if requested, Gytis Malinauskas, Head of Legal at Surfshark said that taking such radical action that highly impacts the privacy of millions of people living in India will most likely be counterproductive and strongly damage the sector’s growth in the country. “Ultimately, collecting excessive amounts of data within Indian jurisdiction without robust protection mechanisms could lead to even more breaches nationwide.”
