Ride-hailing company Uber last year witnessed a massive data breach of the personal information of 57 million customers and drivers. However, the news of data breach came in public recently.
With every passing year, cases of data theft are increasing. More data records were leaked during the first half of 2017 (1.9 billion) than all of 2016 (1.37 billion).
According to digital security company Gemalto’s Breach Level Index report, an average of 10.4 million records are exposed or swiped every day.
In this list of data breaches, Indian companies also qualify with millions of data exposed this year alone.
Zomato with 17 million exposed records, when hackers stole names, emails and passwords of its users, is at the eighth position with breach level severity to catastrophic 9.1.
As a preventive measure, Zomato reset the passwords for all affected users and logged them out of its app and website. “Since we have reset the passwords, affected users' Zomato account as well as credit card information is secure, so there is nothing to worry about there,” said the company in a statement.
Post the leak, Zomato assured that it will further enhance its security measures for all user information stored within its database. It will add a layer of authorisation for internal teams having access to this data to avoid the possibility of any human breach.
“Data is the most important factor in today’s world. As startups are data-driven and this makes it more vulnerable than other companies,” said Prashant Mali, Cyber Law & Cyber Security Expert.
He, however, added that negligence part cannot be ruled out as well. Startups are hardly sensitive towards legal compliance as their focus is productivity and quick profits. A large number of startups are at a huge risk as protecting data remains their low priority
Faisal Kawoosa, General Manager-Research & Consulting at CyberMedia Research also acknowledged the laxity on startups side. “Those startups which are exploring ways to monetize data in conjunction with third-party users make data porous. And this makes data more vulnerable to leaks and thefts.”
Severe threat for users
Currently, India digital economy is $270 billion and will touch $1 trillion by 2023. India is third worst affected among 100 countries.
According to Assocham-PWC study, cyberattacks can deliver economic blows, derail India from its projected growth trajectory and worsen relations with our neighbours, unleashing a state of anarchy.
According to another report, almost 74% of the organizations in India have not done a risk assessment including cybersecurity. India is one of the most infected countries in the world.
Experts explain as users turn digital natives, a large amount of private information and financial details are floating in the cyberspace.
Based on these private details, companies also do some sort of data analytics. They also have derived data about tastes, mood, choices, relationships and many other sensitive information; all getting into hands of anti-social beings possess huge risks.
Through data leaks not only personal information is leaked but financial data as well.
Zomato data hacking is a case in point when Hackeread.com, a user by the name of "nclay" claimed to hack the company’s data and was willing to sell data pertaining to registered users on a popular Dark Web marketplace.
Losing financial data put users exposed to financial theft. Even if passwords are changed later the idea of keeping passwords by individuals is open in the market and make users prone to financial loss.
What're your rights?
According to experts, sensitive personal data cannot be shared by organisations without the permission of owners. If some leaks happen, the same criminal case for abetment of data theft under Section 43(a) read with Section 66 can be filed and under Section 43(A) i.e “capital A “ a suit for compensation can be filed recovering crores in damages and compensation.
“Companies who failed to protect users’ data can be sued for recursive negligence. When breach happens multiple times, it becomes a grave issue as even courts will lose trust in them. Zomato is a fit case for class action suit. If that gets initiated, they will vanish in thin air. What saves these companies is ignorance of masses towards their rights and lack of knowledge of law in India,” said Mali.
Future of data leaks
Most data leaks are still the clear-cut, old-fashioned kind — data was accessed by someone explicitly not authorized to use it, whether an outsider or insider.
But future of data theft is going to change with the new introduction of machine learning and artificial intelligence.
Experts observed that AI and quantum computing may destroy the important cover of cryptography and encryption in future. With the help of machine learning algorithm, hackers can make unrealistically good predictions.
However, the other side of technology is also working to make cryptography more secure. “Blockchain is one of the solution providers to fight against data theft. By allowing digital information to be distributed but not copied, blockchain technology created the backbone of a new type of internet. Originally devised for the digital currency, Bitcoin, the technology is used for any type of data security as well,” said Kawoosa.