
10 Biggest Data Breaches in India [2025]

Learn about the biggest data breaches in India, why India is an attractive target for cyber attacks and how these could have been prevented.

Alexander Petrovski

Created: May 15, 2025

Updated: May 20, 2025



1. Introduction: Why are Data Breaches a Risk for Organizations in India?

Data breaches have emerged as a critical risk for organizations across India, highlighting vulnerabilities in cybersecurity frameworks. In 2023 alone, India ranked fifth globally in terms of the highest number of breached accounts, with 5.3 million accounts compromised, underscoring the magnitude and persistence of cyber threats.

The volume of incidents reported by the Indian Computer Emergency Response Team (CERT-In) reflects this reality, massively increasing from 53,117 incidents in 2017 to an overwhelming 1.32 million between January and October 2023.

The financial repercussions of these breaches are substantial, with the average cost of a data breach in India reaching $2.18 million in 2023. Beyond monetary losses, breaches severely undermine consumer trust, harm brand reputation, and can inflict lasting damage on organizational credibility.

Phishing remains the most prevalent cyberattack vector in India, responsible for 22% of incidents in 2023, followed closely by attacks involving compromised credentials (16%). Additionally, unauthorized network scanning, probing, and exploitation of vulnerable services collectively account for more than 80% of the nation’s cybersecurity incidents.

Industries particularly vulnerable to cyber threats include automotive, telecom, government, and energy sectors. The automotive sector, notably impacted due to increasing reliance on smart mobility APIs and electric vehicle charging infrastructure, has emerged as especially susceptible.

In this article, we will examine the ten largest and most impactful data breaches in India's recent history, exploring the mechanisms behind these breaches, their consequences, and essential lessons organizations must learn to bolster their defenses against future cyber threats.

2. Why is India an attractive Target for Data Breaches?

As one of the world’s fastest-growing digital economies, India presents an appealing landscape for cybercriminals aiming to exploit vulnerabilities. Several key factors contribute to India’s susceptibility to significant data breaches:

2.1 Rapid Digital Expansion Outpacing Security

India’s remarkable acceleration in digital adoption (spanning across digital payments, cloud computing, and expansive government e-services) has significantly transformed business operations and everyday life. However, this swift digital growth frequently exceeds the pace at which cybersecurity measures are implemented, resulting in critical security gaps. Many Indian organizations, particularly small and medium enterprises (SMEs), have struggled to match their security protocols to evolving cyber threats, creating extensive vulnerabilities through outdated or insufficient cybersecurity practices. Consequently, the rapid expansion of digital infrastructure has inadvertently amplified opportunities for cybercriminals, making India an attractive target for data breaches.

2.2 Thriving Shadow Economy for Data

India has seen the emergence of a significant shadow economy where sensitive personal and financial information is actively traded, sometimes readily discoverable through basic online searches. Historically lax data protection laws and inconsistent enforcement have further aggravated this situation, providing minimal deterrence to insiders and external cybercriminals alike. This environment lowers the perceived risk of prosecution, encouraging malicious actors to freely trade or misuse stolen data, thus elevating India’s vulnerability to widespread data breaches.

2.3 Fragmented and Underfunded Cybersecurity in Critical Sectors

India’s critical sectors, including healthcare, finance, telecommunications, and government, hold extensive repositories of highly sensitive data yet frequently suffer from inadequate cybersecurity investments and reliance on outdated, legacy IT systems. These systemic weaknesses make such sectors particularly appealing targets for cybercriminals, offering high-value information with comparatively low barriers to breach. The fragmented and underfunded cybersecurity landscape across these critical industries remains a substantial factor behind India’s susceptibility to data breaches.

2.4 Legacy Systems and Third-Party Risks

A significant proportion of India’s institutions continue to rely heavily on outdated IT infrastructure, leaving them vulnerable to well-documented and easily exploitable cybersecurity flaws. Compounding this issue is the widespread dependence on third-party vendors and externally developed software, frequently adopted without a vetting process or effective oversight. The interplay of obsolete technology and insufficient management of third-party relationships thus provides a good base for cybercriminals, amplifying both the frequency and severity of data breaches across India.


3. The biggest Data Breaches in India

Below is a list of the largest data breaches in India. The data breaches are sorted by the number of impacted accounts in descending order.

3.1 Aadhaar Data Breach (2018)

Date: Early 2018 (disclosed January 2018)
Impacted Customer Number: Approximately 1.1 billion Indian residents
Breached Data:
- Names
- Aadhaar numbers
- Bank account details
- Biometric data (fingerprints, iris scans)
- Mobile numbers
- Addresses

In early 2018, India’s Aadhaar database, managed by the Unique Identification Authority of India (UIDAI), experienced one of the largest data breaches globally, affecting approximately 1.1 billion residents. Unauthorized access exposed extensive personal and biometric information, including names, Aadhaar numbers, bank account details, mobile numbers, addresses, and biometric data such as fingerprints and iris scans. The breach was uncovered when journalists revealed that access to the database was being openly sold online for as little as 500 rupees (approx. $7), highlighting serious lapses in endpoint security across government and third-party utility systems. Investigations showed vulnerabilities in poorly secured APIs and insufficient access controls, leading to widespread criticism regarding inadequate oversight and security frameworks within UIDAI and affiliated organizations.

Prevention methods:

  • Enforce strict access controls and endpoint security protocols, ensuring secure API management and regular audits.

  • Implement comprehensive data encryption and tokenization for sensitive biometric and personal information stored within large-scale databases.

  • Establish rigorous cybersecurity guidelines and continuous monitoring for all third-party entities handling Aadhaar data, including mandatory periodic assessments and audits.

3.2 Indian Council of Medical Research (ICMR) COVID-19 Data Breach (2023)

Date: Early 2023 (disclosed June 2023)
Impacted Customer Number: Approximately 815 million individuals
Breached Data:
- Names
- Aadhaar numbers
- Passport information
- Phone numbers
- Addresses
- COVID-19 test results

In early 2023, a massive cybersecurity incident impacted the Indian Council of Medical Research (ICMR), resulting in the theft of sensitive data belonging to approximately 815 million Indian citizens. The breach included critical personal details such as names, Aadhaar numbers, passport information, phone numbers, residential addresses, and COVID-19 test results. Cybercriminals reportedly infiltrated ICMR’s extensive COVID-19 test data repository and subsequently listed the stolen data for sale on prominent dark web forums, highlighting vulnerabilities in securing sensitive healthcare information. The incident exposed major weaknesses in data governance, storage practices, and security protocols within healthcare and governmental entities, leading to intense public scrutiny and calls for tighter regulation.

Prevention methods:

  • Implement robust encryption standards and secure storage solutions specifically for sensitive health-related databases.

  • Regularly audit and monitor healthcare information systems for unauthorized access, anomalous activities, and potential vulnerabilities.

  • Enforce stringent data handling and cybersecurity practices, including multi-factor authentication, for all staff accessing sensitive databases.

3.3 BigBasket Data Breach (2020)

Date: October 2020 (disclosed November 2020)
Impacted Customer Number: Approximately 20 million users
Breached Data:
- Email addresses
- Password hashes
- PINs
- Phone numbers
- Physical addresses
- Dates of birth
- Order details

In October 2020, BigBasket, India’s prominent online grocery delivery service, suffered a data breach impacting approximately 20 million users. Attackers gained unauthorized access to sensitive customer information including email addresses, password hashes, PINs, phone numbers, physical addresses, birthdates, and detailed purchase histories. The stolen data subsequently surfaced on dark web marketplaces, being openly sold to cybercriminals. The breach stemmed from a vulnerability in BigBasket’s infrastructure, highlighting gaps in database security, encryption practices, and overall cybersecurity preparedness. The incident raised concerns over the safety of consumer data on India’s rapidly expanding e-commerce platforms and prompted widespread calls for improved security standards in the sector.

Prevention methods:

  • Strengthen database encryption and hashing standards to ensure robust protection of passwords and sensitive user credentials.

  • Deploy advanced threat detection systems to quickly identify unauthorized access and suspicious activity within the infrastructure.

  • Regularly conduct comprehensive security audits, vulnerability assessments, and penetration testing on e-commerce platforms to proactively address potential exploits.

3.4 SBI Data Breach (2019)

Date: Early 2019 (disclosed January 2019)
Impacted Customer Number: Millions of SBI customers
Breached Data:
- Mobile numbers
- Partial bank account numbers
- Account balances
- Transaction histories

In early 2019, State Bank of India (SBI), the largest public-sector bank in India, experienced a significant data breach that exposed sensitive customer information. An unsecured server hosted by the bank was discovered openly accessible online, leaking data such as customer mobile numbers, partial bank account numbers, account balances, and detailed transaction histories. The server lacked proper password protection and encryption, allowing anyone to freely view and potentially exploit customer information. This security lapse revealed critical weaknesses in SBI’s data governance, endpoint management, and infrastructure security. The breach triggered widespread concern regarding cybersecurity standards within India’s banking sector, emphasizing the urgency of improved data protection practices and regulatory oversight.

Prevention methods:

  • Enforce comprehensive security standards for servers and databases, including mandatory encryption, strong access controls, and regular audits.

  • Implement real-time monitoring and anomaly detection systems to promptly identify exposed or unsecured endpoints.

  • Establish rigorous data governance policies, ensuring regular vulnerability assessments and strict compliance with cybersecurity best practices across all banking infrastructure.

3.5 Justdial Data Breach (2019)

Date: April 2019 (disclosed April 2019)
Impacted Customer Number: Approximately 100 million users
Breached Data:
- Names
- Mobile numbers
- Email addresses
- Physical addresses
- User profile details

In April 2019, Justdial, one of India’s leading local search engines, experienced a security lapse due to an unprotected API endpoint. This vulnerability resulted in the exposure of sensitive information belonging to nearly 100 million users, including names, mobile numbers, email addresses, physical addresses, and additional user profile details. The breach was discovered when independent security researchers identified and reported the open-access API, highlighting severe deficiencies in Justdial’s API management, endpoint security, and overall cybersecurity practices. The incident underscored the risks posed by inadequately secured APIs and prompted widespread criticism of digital platforms’ negligence towards fundamental data protection measures.

Prevention methods:

  • Implement secure API management practices, including stringent authentication protocols, rate limiting, and continuous monitoring of API endpoints.

  • Regularly audit and test API endpoints to proactively detect vulnerabilities and unauthorized access points.

  • Enforce rigorous cybersecurity frameworks and employee training programs to ensure awareness and adherence to best practices for securing customer data.


3.6 Hathway ISP Data Breach (2024)

Date: March 2024 (disclosed April 2024)
Impacted Customer Number: Approximately 41.5 million customers
Breached Data:
- Names
- Email addresses
- Phone numbers
- Addresses
- Account credentials
- Subscription and billing details

In March 2024, Hathway, a leading Indian Internet Service Provider (ISP) and cable operator, experienced a major security breach that compromised the personal information of over 41.5 million customers. The breach resulted from the exploitation of a critical vulnerability in Hathway’s content management system (CMS), enabling attackers to access and subsequently leak approximately 200GB of highly sensitive user data. Exposed information included customer names, email addresses, phone numbers, residential addresses, account credentials, and comprehensive subscription and billing details. This incident highlighted deficiencies in Hathway’s digital security, particularly around web application security practices and CMS maintenance, causing widespread concern among customers and intensifying calls for stricter security compliance across India’s telecom sector.

Prevention methods:

  • Conduct regular security audits and vulnerability assessments of web applications and content management systems to proactively detect and remediate security flaws.

  • Adopt robust encryption standards and enforce strict access control measures to protect sensitive customer data stored within digital infrastructure.

  • Implement continuous monitoring and threat detection solutions to swiftly identify and mitigate unauthorized intrusions or unusual data access patterns.

3.7 BSNL Data Breach (2024)

Date: July 2024 (disclosed August 2024)
Impacted Customer Number: Millions of BSNL customers
Breached Data:
- IMSI numbers
- SIM card details
- Server snapshots
- Customer account information
- Network infrastructure details

In July 2024, Bharat Sanchar Nigam Limited (BSNL), one of India’s largest state-owned telecommunications providers, suffered a data breach, compromising the sensitive data of millions of users. Attackers infiltrated BSNL’s internal systems and accessed confidential information, including IMSI (International Mobile Subscriber Identity) numbers, SIM card details, detailed server snapshots, and extensive customer account information. Shortly after the breach, this stolen data surfaced for sale on various dark web marketplaces, intensifying concerns over potential misuse such as SIM swapping and targeted phishing attacks. The breach underscored critical vulnerabilities within BSNL’s cybersecurity infrastructure, particularly around secure data storage, endpoint protection, and incident response capabilities, triggering calls for enhanced cybersecurity standards and practices within India’s telecommunications industry.

Prevention methods:

  • Enhance data protection by enforcing strict encryption and secure storage solutions for customer information, particularly sensitive identifiers like IMSI numbers and SIM data.

  • Implement comprehensive real-time monitoring, intrusion detection systems, and rapid response protocols to quickly identify and mitigate potential threats.

  • Regularly perform cybersecurity audits and penetration tests on telecommunications infrastructure to identify and remediate vulnerabilities proactively.

3.8 boAt Data Breach (2024)

Date: February 2024 (disclosed March 2024)
Impacted Customer Number: Approximately 7.5 million users
Breached Data:
- Names
- Addresses
- Phone numbers
- Email addresses
- Purchase histories

In February 2024, boAt, a prominent Indian consumer electronics and lifestyle brand, experienced a cybersecurity incident leading to the exposure of sensitive personal data for over 7.5 million customers. Attackers breached the company’s database, gaining unauthorized access to user information, including customer names, residential addresses, phone numbers, email addresses, and purchase histories. This breach emphasized significant shortcomings in boAt’s data security practices, particularly concerning database encryption, secure customer data handling, and incident detection capabilities. The leaked information heightened customers’ vulnerability to identity theft, phishing, and targeted scams, prompting widespread concern over the protection of consumer data within India’s rapidly expanding consumer electronics market.

Prevention methods:

  • Adopt rigorous encryption protocols for customer databases, ensuring sensitive personal and transactional information remains protected even if breached.

  • Implement comprehensive threat detection and real-time monitoring systems to quickly identify and respond to unauthorized access attempts.

  • Regularly conduct cybersecurity audits, vulnerability assessments, and penetration testing, enhancing preparedness and resilience against cyber threats.


3.9 Unacademy Data Breach (2020)

Date: January 2020 (disclosed May 2020)
Impacted Customer Number: Approximately 11 million users
Breached Data:
- Email addresses
- Usernames
- Hashed passwords
- Account registration dates
- User activity logs

In January 2020, Unacademy, one of India’s largest online learning platforms, experienced a cybersecurity breach affecting over 11 million users. Cyber attackers gained unauthorized access to sensitive user data including email addresses, usernames, hashed passwords, account registration dates, and detailed user activity logs. The compromised data was subsequently discovered on the dark web, being actively sold to malicious actors. Investigations revealed vulnerabilities within Unacademy’s security protocols, particularly concerning password hashing methods, database protections, and incident detection processes. This incident raised substantial concerns about data privacy and security practices within India’s burgeoning ed-tech sector, emphasizing the urgent need for strengthened cybersecurity measures.

Prevention methods:

  • Utilize robust hashing algorithms combined with salting techniques to secure user passwords and protect against brute force and credential stuffing attacks.

  • Establish advanced threat detection systems and real-time monitoring to swiftly identify suspicious activities or unauthorized database access.

  • Perform routine security assessments, penetration testing, and employee training to continuously improve the organization’s cybersecurity posture and readiness.

3.10 Telangana Police Hawk Eye App Data Breach (2024)

Date: June 2024 (disclosed July 2024)
Impacted Customer Number: Approximately 200,000 citizens
Breached Data:
- Phone numbers
- Residential addresses
- Names
- Incident reporting details
- User-submitted complaints

In June 2024, Telangana Police’s Hawk Eye mobile application, designed for citizens to report incidents and crimes, experienced a significant cybersecurity breach, compromising the personal data of approximately 200,000 users. The attacker exploited vulnerabilities within the app’s backend infrastructure, gaining unauthorized access to sensitive user information such as names, phone numbers, residential addresses, and detailed incident reports and user-submitted complaints. Following investigations by cybersecurity teams and law enforcement authorities, the perpetrator was successfully apprehended. This incident highlighted critical gaps in mobile application security, emphasizing the necessity for rigorous data protection and security standards, particularly within government-operated digital services.

Prevention methods:

  • Implement rigorous application security practices, including comprehensive code reviews, secure API design, and routine penetration testing to proactively identify vulnerabilities.

  • Enforce strict access controls and encryption protocols to ensure the protection of sensitive citizen data within government-operated applications.

  • Deploy real-time monitoring and threat detection mechanisms, enabling swift detection, containment, and response to cybersecurity incidents.


4. Common Patterns in India Data Breaches

Looking at the biggest data breaches that happened in India up to 2025, we notice a few patterns that recur across them:

4.1 Inadequate Security of APIs and Endpoints

Many breaches, notably Aadhaar, Justdial, and the Hawk Eye App incidents, stemmed from poorly secured APIs and vulnerable endpoints. APIs frequently lacked proper authentication, authorization, and rate-limiting mechanisms, allowing unauthorized users easy access to highly sensitive data. Endpoint security, often overlooked in rapid digital rollouts, created pathways for attackers to gain extensive access to customer and citizen information. Organizations must prioritize API security through stringent authentication measures, regular vulnerability testing, and endpoint security practices to mitigate these risks.
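The three controls named above (authentication, authorization and rate limiting) can be seen working together in the following added example, which is not code from any of the affected organizations. The names RecordApi, TokenBucket, CLIENTS and RECORDS, the API keys and the record ids are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import time


def key_digest(api_key: str) -> str:
    """API keys are stored and compared only as SHA-256 digests."""
    return hashlib.sha256(api_key.encode()).hexdigest()


# Constructed sample data: each client is bound to the record ids it may read.
CLIENTS = {
    key_digest("demo-key-utility-01"): ("utility-01", {"rec-1001", "rec-1002"}),
    key_digest("demo-key-utility-02"): ("utility-02", {"rec-2001"}),
}
RECORDS = {
    "rec-1001": {"name": "Sample Person A"},
    "rec-1002": {"name": "Sample Person B"},
    "rec-2001": {"name": "Sample Person C"},
}


class TokenBucket:
    """Allows bursts up to `capacity`, then `refill_per_sec` requests per second."""

    def __init__(self, capacity: int, refill_per_sec: float, now: float):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = float(capacity)
        self.updated = now

    def allow(self, now: float) -> bool:
        elapsed = max(0.0, now - self.updated)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.updated = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True


class RecordApi:
    def __init__(self, capacity=3, refill_per_sec=1.0, clock=time.monotonic):
        self.capacity, self.refill_per_sec, self.clock = capacity, refill_per_sec, clock
        self.buckets = {}  # one bucket per authenticated client

    def authenticate(self, api_key):
        if not api_key:
            return None
        presented = key_digest(api_key)
        match = None
        for stored, client in CLIENTS.items():  # constant-time compare per entry
            if hmac.compare_digest(presented, stored):
                match = client
        return match

    def get_record(self, api_key, record_id):
        """Return (HTTP-style status, body). Every check fails closed."""
        client = self.authenticate(api_key)
        if client is None:
            return 401, None  # no valid credential: no data
        client_id, allowed = client
        now = self.clock()
        bucket = self.buckets.setdefault(
            client_id, TokenBucket(self.capacity, self.refill_per_sec, now))
        if not bucket.allow(now):
            return 429, None  # bulk enumeration is throttled
        if record_id not in allowed:
            return 403, None  # valid key, but not this client's record
        record = RECORDS.get(record_id)
        return (200, record) if record is not None else (404, None)
```

Denied requests still consume a token, so a client probing for records it does not own exhausts its budget as quickly as one reading its own.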

4.2 Underinvestment in Cybersecurity Infrastructure

Critical sectors such as banking (SBI breach), telecommunications (BSNL and Hathway breaches), and healthcare (ICMR breach) consistently faced data exposure due to outdated legacy systems and chronically underfunded cybersecurity infrastructure. These older systems often contained widely known vulnerabilities that were actively exploited by attackers. Underinvestment in modern cybersecurity tools, proactive monitoring solutions, and regular vulnerability assessments meant that attackers faced minimal resistance. Strengthening cybersecurity budgets and upgrading legacy systems are essential to protecting sensitive data effectively.

4.3 Poor Data Management and Encryption Practices

Several significant breaches, including those involving BigBasket, boAt, and Unacademy, were exacerbated by inadequate data encryption and poor management of user credentials. Storing passwords with weak hashing algorithms or failing to encrypt sensitive customer data allowed attackers to leverage breached information easily. Additionally, sensitive data stored in clear text or inadequately protected databases further increased exposure. Adopting robust encryption methods, strong password hashing techniques (with salting), and enforcing stringent data management policies can significantly reduce such risks.
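The difference between a weak hash and a salted, deliberately slow one is shown in the following added example, which is not code from any of the breached platforms. The choice of unsalted SHA-1 as the weak scheme, scrypt as the strong one, the cost parameters, the record format and the sample accounts are assumptions made for illustration; it also shows how legacy records can be upgraded at the next successful login.

```python
import base64
import hashlib
import hmac
import os
from collections import Counter

# Assumed scrypt cost parameters for this example; tune them to your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32


def weak_hash(password: str) -> str:
    """The 'before' scheme: one fast, unsalted SHA-1 pass."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Salted scrypt record: scrypt$N$r$p$salt$key (salt and key in base64)."""
    salt = os.urandom(16)  # fresh random salt for every stored password
    key = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N,
                         r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    enc = lambda b: base64.b64encode(b).decode()
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${enc(salt)}${enc(key)}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time."""
    try:
        scheme, n, r, p, salt_b64, key_b64 = stored.split("$")
        if scheme != "scrypt":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(key_b64)
        actual = hashlib.scrypt(password.encode(), salt=salt, n=int(n),
                                r=int(r), p=int(p), dklen=len(expected))
    except ValueError:  # malformed record or invalid parameters
        return False
    return hmac.compare_digest(actual, expected)


def login_and_upgrade(password: str, stored: str) -> tuple[bool, str]:
    """Verify a login; re-hash a legacy SHA-1 record once the password is known."""
    if stored.startswith("scrypt$"):
        return verify_password(password, stored), stored
    if hmac.compare_digest(weak_hash(password).encode(), stored.encode()):
        return True, hash_password(password)  # caller persists the new record
    return False, stored


def reused_hashes(records: dict[str, str]) -> int:
    """Count stored values shared by more than one account in a dump."""
    return sum(1 for c in Counter(records.values()).values() if c > 1)


if __name__ == "__main__":
    # Constructed sample accounts: two users chose the same password.
    passwords = {"asha": "Summer2020!", "ravi": "Summer2020!", "meera": "k9#Lq2vX"}
    weak = {u: weak_hash(p) for u, p in passwords.items()}
    strong = {u: hash_password(p) for u, p in passwords.items()}
    print("shared values, unsalted SHA-1:", reused_hashes(weak))
    print("shared values, salted scrypt:", reused_hashes(strong))
```

With unsalted hashes, a leaked table reveals which accounts share a password and lets one guess be tested against every account at once; per-user salts and a slow key-derivation function remove both shortcuts.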

4.4 Third-party and Vendor Vulnerabilities

Several breaches, notably those at SBI and Hathway, highlighted significant vulnerabilities arising from poor management and inadequate security oversight of third-party vendors. Reliance on external entities, without thorough vetting and stringent security agreements, allowed attackers to exploit weaker third-party security practices to infiltrate larger organizations. Third-party software and infrastructure often introduced hidden vulnerabilities that organizations failed to identify due to insufficient due diligence. Robust vendor risk assessments, continuous monitoring of third-party security posture, and clear contractual cybersecurity obligations are critical to preventing future breaches.

5. Conclusion

The analysis of India’s most significant data breaches shows a clear and critical message: many cyber incidents are preventable through fundamental improvements in cybersecurity practices. Rather than sophisticated exploits, most breaches occurred due to basic oversights such as inadequate API and endpoint security, underinvestment in cybersecurity infrastructure, poor encryption standards, delayed incident detection, and insufficient management of third-party vendors. These systemic vulnerabilities not only compromise sensitive personal data but also erode consumer trust and organizational reputation.

As India continues its rapid digital transformation, organizations across all sectors must prioritize cybersecurity investments, implement robust data protection policies, and enhance awareness through comprehensive training. Strengthening cybersecurity is no longer merely a technical consideration; it is an essential responsibility for organizations aiming to safeguard consumer confidence and sustain their future growth.
