BigBasket Data Breach Exposes Personal Information of Millions on Dark Web
The absence of a specific legislation on data protection in India has time and again compromised significant amounts of user data, which often end up on the dark web. Even though several amendments to the Information Technology Act were introduced as a safety measure, the explosion of cybercrimes in India is happening unabated. Big Basket is the latest victim and its data breach is yet another example of how data security is a critical matter.
Big Basket, one of India’s leading online grocery stores, made a huge comeback in India after being hit in the initial days of the COVID-19 lockdown. The technology-savvy company used its infrastructure investment to restart operations, despite manpower shortage, in a COVID-affected world. However, the company failed to protect its customers’ information as it fell prey to data theft.
As the data suggests, the recent Big Basket data breach compromised the personal information of nearly 20 million customers. The full names, email IDs, password hashes, contact numbers, date of birth, location, IP address etc. of the users have been allegedly put up for sale on the dark web for $40,000. While evaluating the extent of the breach and authenticity of the claim, Big Basket said that it was finding “immediate ways to contain it”.
One of the cybersecurity firms, Cyble stated that the alleged breach occurred on October 14. The firm first detected it on October 30 and post confirmation disclosed it to the Big Basket authorities on November 1. Thereafter, the Big Basket data breach was made public on November 7. The company filed a complaint with the Cyber Crime Cell in Bengaluru.
In response to the BigBasket data breach, the company clarified that it never stores the users’ financial data, including credit card numbers, and sounded confident that the financial data is secure.
“The privacy and confidentiality of our customers is our priority,” Big Basket responded. Despite the statements, it does face reputational damage because of the breach.
Nearly six incidents of cyber breaches have occurred in India in the last one month. The constant attacks are a matter of huge concern. The best solution can come from good legislative provisions along with suitable public and employee awareness as India continues to move forward in strengthening its cybersecurity solutions.