---
url: 'https://www.corbado.com/blog/data-breaches-india'
title: '10 Biggest Data Breaches in India [2026]'
description: 'Learn about the biggest data breaches in India, why India is an attractive target for cyber attacks and how these could have been prevented.'
lang: 'en'
author: 'Alex'
date: '2025-05-15T02:55:05.361Z'
lastModified: '2026-03-27T07:01:31.155Z'
keywords: 'data breach India, largest data breach India 2025, cyber attack India, user data leak India, national data breach India, data hack India, biggest data breach India 2025, hacked India companies'
category: 'Authentication'
---

# 10 Biggest Data Breaches in India [2026]

## Key Facts

- India's largest data breaches include the **2018 Aadhaar breach** affecting 1.1 billion
  residents and the 2023 ICMR breach exposing 815 million records, both exploiting API
  vulnerabilities.
- India ranked **fifth globally** in breached accounts in 2023, with CERT-In incidents
  rising from 53,117 in 2017 to 1.32 million between January and October 2023.
- The **average cost of a data breach** in India reached USD 2.18 million in 2023, with
  phishing responsible for 22% of incidents and compromised credentials for 16%.
- Most Indian breaches result from **inadequate API security**, weak encryption and
  underinvestment in cybersecurity infrastructure rather than sophisticated exploits.

## 1. Introduction: Why are Data Breaches a Risk for Organizations in India?

Data breaches have emerged as a critical risk for organizations across India, highlighting
[vulnerabilities](https://www.corbado.com/glossary/vulnerability) in
[cybersecurity frameworks](https://www.corbado.com/blog/cybersecurity-frameworks). In 2023 alone, India ranked
fifth globally in terms of the highest number of breached accounts, with 5.3 million
accounts compromised, underscoring the magnitude and persistence of cyber threats.

The volume of incidents reported by the Indian Computer Emergency Response Team (CERT-In)
reflects this reality, massively increasing from 53,117 incidents in 2017 to an
overwhelming 1.32 million between January and October 2023.

The financial repercussions of these breaches are substantial, with the average cost of a
[data breach](https://www.corbado.com/glossary/data-breach) in India reaching $2.18 million in 2023. Beyond
monetary losses, breaches severely undermine consumer trust, harm brand reputation, and
can inflict lasting damage on organizational credibility.

[Phishing](https://www.corbado.com/glossary/phishing) remains the most prevalent cyberattack vector in India,
responsible for 22% of incidents in 2023, followed closely by attacks involving
compromised credentials (16%). Additionally, unauthorized network scanning, probing, and
exploitation of vulnerable services collectively account for more than 80% of the nation’s
cybersecurity incidents.

Industries particularly vulnerable to cyber threats include automotive,
[telecom](https://www.corbado.com/passkeys-for-telecom), [government](https://www.corbado.com/passkeys-for-public-sector), and
[energy](https://www.corbado.com/passkeys-for-energy) sectors. The automotive sector, notably impacted due to
increasing reliance on smart mobility APIs and electric vehicle charging infrastructure,
has emerged as especially susceptible.

In this article, we will examine the ten largest and most impactful data breaches in
India's recent history, exploring the mechanisms behind these breaches, their
consequences, and essential lessons organizations must learn to bolster their defenses
against future cyber threats.

## 2. Why is India an attractive Target for Data Breaches?

As one of the world’s fastest-growing digital economies, India presents an appealing
landscape for cybercriminals aiming to [exploit](https://www.corbado.com/glossary/exploit)
[vulnerabilities](https://www.corbado.com/glossary/vulnerability). Several key factors contribute to India’s
susceptibility to significant data breaches:

### 2.1 Rapid Digital Expansion Outpacing Security

India’s remarkable acceleration in digital adoption (spanning across digital
[payments](https://www.corbado.com/passkeys-for-payment), cloud computing, and expansive
[government](https://www.corbado.com/passkeys-for-public-sector) e-services) has significantly transformed
business operations and everyday life. However, this swift digital growth frequently
exceeds the pace at which cybersecurity measures are implemented, resulting in critical
security gaps. Many Indian organizations, particularly small and medium enterprises
(SMEs), have struggled to match their security protocols to evolving cyber threats,
creating extensive [vulnerabilities](https://www.corbado.com/glossary/vulnerability) through outdated or
insufficient cybersecurity practices. Consequently, the rapid expansion of digital
infrastructure has inadvertently amplified opportunities for cybercriminals, making India
an attractive target for data breaches.

### 2.2 Thriving Shadow Economy for Data

India has seen the emergence of a significant shadow economy where sensitive personal and
financial information is actively traded, sometimes readily discoverable through basic
online searches. Historically lax data protection laws and inconsistent enforcement have
further aggravated this situation, providing minimal deterrence to insiders and external
cybercriminals alike. This environment lowers the perceived risk of prosecution,
encouraging malicious actors to freely trade or misuse stolen data, thus elevating India’s
[vulnerability](https://www.corbado.com/glossary/vulnerability) to widespread data breaches.

### 2.3 Fragmented and Underfunded Cybersecurity in Critical Sectors

India’s critical sectors, including [healthcare](https://www.corbado.com/passkeys-for-healthcare), finance,
[telecommunications](https://www.corbado.com/blog/telstra-passkeys), and
[government](https://www.corbado.com/passkeys-for-public-sector), hold extensive repositories of highly sensitive
data yet frequently suffer from inadequate cybersecurity investments and reliance on
outdated, legacy IT systems. These systemic weaknesses make such sectors particularly
appealing targets for cybercriminals, offering high-value information with comparatively
low barriers to breach. The fragmented and underfunded cybersecurity landscape across
these critical industries remains a substantial factor behind India’s susceptibility to
data breaches.

### 2.4 Legacy Systems and Third-Party Risks

A significant proportion of India’s institutions continue to rely heavily on outdated IT
infrastructure, leaving them vulnerable to well-documented and easily exploitable
cybersecurity flaws. Compounding this issue is the widespread dependence on third-party
vendors and externally developed software, frequently adopted without a vetting process
or effective oversight. The interplay of obsolete technology and insufficient management
of third-party relationships thus provides fertile ground for cybercriminals, amplifying both
the frequency and severity of data breaches across India.

## 3. The biggest Data Breaches in India

Below is a list of the largest data breaches in India. The data breaches
are sorted by the number of impacted accounts in descending order.

### 3.1 Aadhaar Data Breach (2018)

![Aadhaar-Logo.png](https://s3.eu-central-1.amazonaws.com/corbado-cloud-staging-website-assets/Aadhaar_Logo_60d6be9422.png)

| Details                  | Information                                 |
| ------------------------ | ------------------------------------------- |
| Date                     | Early 2018 (disclosed January 2018)         |
| Impacted Customer Number | Approximately 1.1 billion Indian residents  |
| Breached Data            | - Names                                     |
|                          | - Aadhaar numbers                           |
|                          | - Bank account details                      |
|                          | - Biometric data (fingerprints, iris scans) |
|                          | - Mobile numbers                            |
|                          | - Addresses                                 |

In early 2018, India’s Aadhaar database, managed by the Unique Identification Authority of
India (UIDAI), experienced one of the largest data breaches globally, affecting
approximately 1.1 billion residents. Unauthorized access exposed extensive personal and
biometric information, including names, Aadhaar numbers, bank account details, mobile
numbers, addresses, and biometric data such as fingerprints and iris scans. The breach was
uncovered when journalists revealed that access to the database was being openly sold
online for as little as 500 rupees (approx. $7), highlighting serious lapses in endpoint
security across government and third-party utility systems. Investigations showed
vulnerabilities in poorly secured APIs and insufficient access controls, leading to
widespread criticism regarding inadequate oversight and security frameworks within UIDAI
and affiliated organizations.

**Prevention methods:**

- Enforce strict access controls and endpoint security protocols, ensuring secure API
  management and regular audits.

- Implement comprehensive data encryption and tokenization for sensitive biometric and
  personal information stored within
  [large-scale](https://www.corbado.com/blog/introducing-passkeys-large-scale-overview) databases.

- Establish rigorous cybersecurity guidelines and continuous monitoring for all
  third-party entities handling Aadhaar data, including mandatory periodic assessments and
  audits.

### 3.2 Indian Council of Medical Research (ICMR) COVID-19 Data Breach (2023)

![Indian Council of Medical Research Logo](https://s3.eu-central-1.amazonaws.com/corbado-cloud-staging-website-assets/Indian_Council_of_Medical_Research_Logo_b5233cd44c.png)

| Details                  | Information                           |
| ------------------------ | ------------------------------------- |
| Date                     | Early 2023 (disclosed June 2023)      |
| Impacted Customer Number | Approximately 815 million individuals |
| Breached Data            | - Names                               |
|                          | - Aadhaar numbers                     |
|                          | - Passport information                |
|                          | - Phone numbers                       |
|                          | - Addresses                           |
|                          | - COVID-19 test results               |

In early 2023, a massive cybersecurity incident impacted the Indian Council of Medical
Research (ICMR), resulting in the theft of sensitive data belonging to approximately 815
million Indian citizens. The breach included critical personal details such as names,
Aadhaar numbers, passport information, phone numbers, residential addresses, and COVID-19
test results. Cybercriminals reportedly infiltrated ICMR’s extensive COVID-19 test data
repository and subsequently listed the stolen data for sale on prominent dark web forums,
highlighting vulnerabilities in securing sensitive [healthcare](https://www.corbado.com/passkeys-for-healthcare)
information. The incident exposed major weaknesses in data governance, storage practices,
and security protocols within [healthcare](https://www.corbado.com/passkeys-for-healthcare) and governmental
entities, leading to intense public scrutiny and calls for tighter regulation.

**Prevention methods:**

- Implement robust encryption standards and secure storage solutions specifically for
  sensitive health-related databases.

- Regularly audit and monitor healthcare information systems for unauthorized access,
  anomalous activities, and potential vulnerabilities.

- Enforce stringent data handling and cybersecurity practices, including multi-factor
  authentication, for all staff accessing sensitive databases.

### 3.3 BigBasket Data Breach (2020)

![BigBasket Logo](https://s3.eu-central-1.amazonaws.com/corbado-cloud-staging-website-assets/Big_Basket_Logo_e8cef3c552.png)

| Details                  | Information                            |
| ------------------------ | -------------------------------------- |
| Date                     | October 2020 (disclosed November 2020) |
| Impacted Customer Number | Approximately 20 million users         |
| Breached Data            | - Email addresses                      |
|                          | - Password hashes                      |
|                          | - PINs                                 |
|                          | - Phone numbers                        |
|                          | - Physical addresses                   |
|                          | - Dates of birth                       |
|                          | - Order details                        |

In October 2020, BigBasket, India’s prominent online grocery delivery service, suffered a
[data breach](https://www.corbado.com/glossary/data-breach) impacting approximately 20 million users. Attackers
gained unauthorized access to sensitive customer information including email addresses,
password hashes, PINs, phone numbers, physical addresses, birthdates, and detailed
purchase histories. The stolen data subsequently surfaced on dark web
[marketplaces](https://www.corbado.com/passkeys-for-e-commerce), being openly sold to cybercriminals. The breach
stemmed from a [vulnerability](https://www.corbado.com/glossary/vulnerability) in BigBasket’s infrastructure,
highlighting gaps in database security, encryption practices, and overall cybersecurity
preparedness. The incident raised concerns over the safety of consumer data on India’s
rapidly expanding [e-commerce](https://www.corbado.com/passkeys-for-e-commerce) platforms and prompted widespread
calls for improved security standards in the sector.

**Prevention methods:**

- Strengthen database encryption and hashing standards to ensure robust protection of
  passwords and sensitive user credentials.

- Deploy advanced threat detection systems to quickly identify unauthorized access and
  suspicious activity within the infrastructure.

- Regularly conduct comprehensive security audits,
  [vulnerability](https://www.corbado.com/glossary/vulnerability) assessments, and penetration testing on
  [e-commerce](https://www.corbado.com/passkeys-for-e-commerce) platforms to proactively address potential
  [exploits](https://www.corbado.com/glossary/exploit).

### 3.4 SBI Data Breach (2019)

![SBI Logo](https://s3.eu-central-1.amazonaws.com/corbado-cloud-staging-website-assets/SBI_Logo_383c6c9eec.jpg)

| Details                  | Information                         |
| ------------------------ | ----------------------------------- |
| Date                     | Early 2019 (disclosed January 2019) |
| Impacted Customer Number | Millions of SBI customers           |
| Breached Data            | - Mobile numbers                    |
|                          | - Partial bank account numbers      |
|                          | - Account balances                  |
|                          | - Transaction histories             |

In early 2019, State Bank of India (SBI), the largest
[public-sector](https://www.corbado.com/passkeys-for-public-sector) bank in India, experienced a significant data
breach that exposed sensitive customer information. An unsecured server hosted by the bank
was discovered openly accessible online, leaking data such as customer mobile numbers,
partial bank account numbers, account balances, and detailed transaction histories. The
server lacked proper password protection and encryption, allowing anyone to freely view
and potentially [exploit](https://www.corbado.com/glossary/exploit) customer information. This security lapse
revealed critical weaknesses in SBI’s data governance, endpoint management, and
infrastructure security. The breach triggered widespread concern regarding cybersecurity
standards within India’s [banking](https://www.corbado.com/passkeys-for-banking) sector, emphasizing the urgency
of improved data protection practices and regulatory oversight.

**Prevention methods:**

- Enforce comprehensive security standards for servers and databases, including mandatory
  encryption, strong access controls, and regular audits.

- Implement real-time monitoring and anomaly detection systems to promptly identify
  exposed or unsecured endpoints.

- Establish rigorous data governance policies, ensuring regular vulnerability assessments
  and strict compliance with cybersecurity best practices across all
  [banking](https://www.corbado.com/passkeys-for-banking) infrastructure.

### 3.5 Justdial Data Breach (2019)

![Justdial logo](https://s3.eu-central-1.amazonaws.com/corbado-cloud-staging-website-assets/Justdial_logo_e34eff43cc.png)

| Details                  | Information                       |
| ------------------------ | --------------------------------- |
| Date                     | April 2019 (disclosed April 2019) |
| Impacted Customer Number | Approximately 100 million users   |
| Breached Data            | - Names                           |
|                          | - Mobile numbers                  |
|                          | - Email addresses                 |
|                          | - Physical addresses              |
|                          | - User profile details            |

In April 2019, Justdial, one of India’s leading local search engines, experienced a
security lapse due to an unprotected API endpoint. This vulnerability resulted in the
exposure of sensitive information belonging to nearly 100 million users, including names,
mobile numbers, email addresses, physical addresses, and additional user profile details.
The breach was discovered when independent security researchers identified and reported
the open-access API, highlighting severe deficiencies in Justdial’s API management,
endpoint security, and overall cybersecurity practices. The incident underscored the risks
posed by inadequately secured APIs and prompted widespread criticism of digital platforms’
negligence towards fundamental data protection measures.

**Prevention methods:**

- Implement secure API management practices, including stringent authentication protocols,
  rate limiting, and continuous monitoring of API endpoints.

- Regularly audit and test API endpoints to proactively detect vulnerabilities and
  unauthorized access points.

- Enforce rigorous [cybersecurity frameworks](https://www.corbado.com/blog/cybersecurity-frameworks) and employee
  training programs to ensure awareness and adherence to best practices for securing
  customer data.

### 3.6 Hathway ISP Data Breach (2024)

![Hathway Cable Datacom logo](https://s3.eu-central-1.amazonaws.com/corbado-cloud-staging-website-assets/Hathway_Cable_Datacom_logo_edcf128d64.png)

| Details                  | Information                          |
| ------------------------ | ------------------------------------ |
| Date                     | March 2024 (disclosed April 2024)    |
| Impacted Customer Number | Approximately 41.5 million customers |
| Breached Data            | - Names                              |
|                          | - Email addresses                    |
|                          | - Phone numbers                      |
|                          | - Addresses                          |
|                          | - Account credentials                |
|                          | - Subscription and billing details   |

In March 2024, Hathway, a leading Indian Internet Service Provider (ISP) and cable
operator, experienced a major security breach that compromised the personal information of
over 41.5 million customers. The breach resulted from the exploitation of a critical
vulnerability in Hathway’s content management system (CMS), enabling attackers to access
and subsequently leak approximately 200GB of highly sensitive user data. Exposed
information included customer names, email addresses, phone numbers, residential
addresses, account credentials, and comprehensive subscription and billing details. This
incident highlighted deficiencies in Hathway’s digital security, particularly around web
application security practices and CMS maintenance, causing widespread concern among
customers and intensifying calls for stricter security compliance across India’s
[telecom](https://www.corbado.com/passkeys-for-telecom) sector.

**Prevention methods:**

- Conduct regular security audits and vulnerability assessments of web applications and
  content management systems to proactively detect and remediate security flaws.

- Adopt robust encryption standards and enforce strict access control measures to protect
  sensitive customer data stored within digital infrastructure.

- Implement continuous monitoring and threat detection solutions to swiftly identify and
  mitigate unauthorized intrusions or unusual data access patterns.

### 3.7 BSNL Data Breach (2024)

![BSNL logo](https://s3.eu-central-1.amazonaws.com/corbado-cloud-staging-website-assets/BSNL_logo_0ffa73a0e5.png)

| Details                  | Information                       |
| ------------------------ | --------------------------------- |
| Date                     | July 2024 (disclosed August 2024) |
| Impacted Customer Number | Millions of BSNL customers        |
| Breached Data            | - IMSI numbers                    |
|                          | - SIM card details                |
|                          | - Server snapshots                |
|                          | - Customer account information    |
|                          | - Network infrastructure details  |

In July 2024, Bharat Sanchar Nigam Limited (BSNL), one of India’s largest state-owned
[telecommunications](https://www.corbado.com/blog/telstra-passkeys) providers, suffered a
[data breach](https://www.corbado.com/glossary/data-breach), compromising the sensitive data of millions of
users. Attackers infiltrated BSNL’s internal systems and accessed confidential
information, including IMSI (International Mobile Subscriber Identity) numbers, SIM card
details, detailed server snapshots, and extensive customer account information. Shortly
after the breach, this stolen data surfaced for sale on various dark web
[marketplaces](https://www.corbado.com/passkeys-for-e-commerce), intensifying concerns over potential misuse such
as [SIM swapping](https://www.corbado.com/faq/sim-swapping-sms-authentication-risk) and targeted
[phishing](https://www.corbado.com/glossary/phishing) attacks. The breach underscored critical vulnerabilities
within BSNL’s cybersecurity infrastructure, particularly around secure data storage,
endpoint protection, and incident response capabilities, triggering calls for enhanced
cybersecurity standards and practices within India’s
[telecommunications](https://www.corbado.com/blog/telstra-passkeys) industry.

**Prevention methods:**

- Enhance data protection by enforcing strict encryption and secure storage solutions for
  customer information, particularly sensitive identifiers like IMSI numbers and SIM data.

- Implement comprehensive real-time monitoring, intrusion detection systems, and rapid
  response protocols to quickly identify and mitigate potential threats.

- Regularly perform cybersecurity audits and penetration tests on telecommunications
  infrastructure to identify and remediate vulnerabilities proactively.

### 3.8 boAt Data Breach (2024)

![boat logo](https://s3.eu-central-1.amazonaws.com/corbado-cloud-staging-website-assets/boat_logo_0fcbcd1053.png)

| Details                  | Information                          |
| ------------------------ | ------------------------------------ |
| Date                     | February 2024 (disclosed March 2024) |
| Impacted Customer Number | Approximately 7.5 million users      |
| Breached Data            | - Names                              |
|                          | - Addresses                          |
|                          | - Phone numbers                      |
|                          | - Email addresses                    |
|                          | - Purchase histories                 |

In February 2024, boAt, a prominent Indian consumer electronics and lifestyle brand,
experienced a cybersecurity incident leading to the exposure of sensitive personal data
for over 7.5 million customers. Attackers breached the company’s database, gaining
unauthorized access to user information, including customer names, residential addresses,
phone numbers, email addresses, and purchase histories. This breach emphasized significant
shortcomings in boAt’s data security practices, particularly concerning database
encryption, secure customer data handling, and incident detection capabilities. The leaked
information heightened customers’ vulnerability to identity theft,
[phishing](https://www.corbado.com/glossary/phishing), and targeted scams, prompting widespread concern over the
protection of consumer data within India’s rapidly expanding consumer electronics market.

**Prevention methods:**

- Adopt rigorous encryption protocols for customer databases, ensuring sensitive personal
  and transactional information remains protected even if breached.

- Implement comprehensive threat detection and real-time monitoring systems to quickly
  identify and respond to unauthorized access attempts.

- Regularly conduct cybersecurity audits, vulnerability assessments, and penetration
  testing, enhancing preparedness and resilience against cyber threats.

### 3.9 Unacademy Data Breach (2020)

![Unacademy logo](https://s3.eu-central-1.amazonaws.com/corbado-cloud-staging-website-assets/Unacademy_logo_d3127ff661.png)

| Details                  | Information                       |
| ------------------------ | --------------------------------- |
| Date                     | January 2020 (disclosed May 2020) |
| Impacted Customer Number | Approximately 11 million users    |
| Breached Data            | - Email addresses                 |
|                          | - Usernames                       |
|                          | - Hashed passwords                |
|                          | - Account registration dates      |
|                          | - User activity logs              |

In January 2020, Unacademy, one of India’s largest
[online learning](https://www.corbado.com/glossary/microcredentials) platforms, experienced a cybersecurity
breach affecting over 11 million users. Cyber attackers gained unauthorized access to
sensitive user data including email addresses, usernames, hashed passwords, account
registration dates, and detailed user activity logs. The compromised data was subsequently
discovered on the dark web, being actively sold to malicious actors. Investigations
revealed vulnerabilities within Unacademy’s security protocols, particularly concerning
[password hashing](https://www.corbado.com/glossary/password-hashing) methods, database protections, and incident
detection processes. This incident raised substantial concerns about data privacy and
security practices within India’s burgeoning ed-tech sector, emphasizing the urgent need
for strengthened cybersecurity measures.

**Prevention methods:**

- Utilize robust hashing algorithms combined with salting techniques to secure user
  passwords and protect against brute force and
  [credential stuffing](https://www.corbado.com/glossary/credential-stuffing) attacks.

- Establish advanced threat detection systems and real-time monitoring to swiftly identify
  suspicious activities or unauthorized database access.

- Perform routine security assessments, penetration testing, and employee training to
  continuously improve the organization’s cybersecurity posture and readiness.

### 3.10 Telangana Police Hawk Eye App Data Breach (2024)

![Telangana Police logo](https://s3.eu-central-1.amazonaws.com/corbado-cloud-staging-website-assets/Telangana_Police_Logo_858b9f94c9.png)

| Details                  | Information                     |
| ------------------------ | ------------------------------- |
| Date                     | June 2024 (disclosed July 2024) |
| Impacted Customer Number | Approximately 200,000 citizens  |
| Breached Data            | - Phone numbers                 |
|                          | - Residential addresses         |
|                          | - Names                         |
|                          | - Incident reporting details    |
|                          | - User-submitted complaints     |

In June 2024, Telangana Police’s Hawk Eye mobile application, designed for citizens to
report incidents and crimes, experienced a significant cybersecurity breach, compromising
the personal data of approximately 200,000 users. The attacker exploited vulnerabilities
within the app’s backend infrastructure, gaining unauthorized access to sensitive user
information such as names, phone numbers, residential addresses, and detailed incident
reports and user-submitted complaints. Following investigations by cybersecurity teams and
law enforcement authorities, the perpetrator was successfully apprehended. This incident
highlighted critical gaps in mobile application security, emphasizing the necessity for
rigorous data protection and security standards, particularly within government-operated
digital services.

**Prevention methods:**

- Implement rigorous application security practices, including comprehensive code reviews,
  secure API design, and routine penetration testing to proactively identify
  vulnerabilities.

- Enforce strict access controls and encryption protocols to ensure the protection of
  sensitive citizen data within government-operated applications.

- Deploy real-time monitoring and threat detection mechanisms, enabling swift detection,
  containment, and response to cybersecurity incidents.

## 4. Common Patterns in India Data Breaches

After looking at the biggest data breaches that happened in India up to 2026, we notice a
few patterns that recur across them:

### 4.1 Inadequate Security of APIs and Endpoints

Many breaches, notably Aadhaar, Justdial, and the Hawk Eye App incidents, stemmed from
poorly secured APIs and vulnerable endpoints. APIs frequently lacked proper
authentication, authorization, and rate-limiting mechanisms, allowing unauthorized users
easy access to highly sensitive data. Endpoint security, often overlooked in rapid digital
rollouts, created pathways for attackers to gain extensive access to customer and citizen
information. Organizations must prioritize API security through stringent authentication
measures, regular vulnerability testing, and endpoint security practices to mitigate these
risks.
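
The three controls named above (authentication, authorization and rate limiting) applied in order to a single record-lookup handler, as an added example that is not code from this article or from any of the affected organizations. The `ApiGate` class, the API keys, the records and the limits are all hypothetical.

```python
import hashlib
from dataclasses import dataclass


def _digest(api_key: str) -> str:
    # Store and compare digests so raw API keys never sit in the key table.
    return hashlib.sha256(api_key.encode()).hexdigest()


# Constructed sample data (hypothetical keys, users and records).
API_KEY_DIGESTS = {_digest("demo-key-alice"): "alice", _digest("demo-key-bob"): "bob"}
RECORDS = {
    "alice": {"name": "Alice Example", "mobile": "+91-00000-00001"},
    "bob": {"name": "Bob Example", "mobile": "+91-00000-00002"},
}


@dataclass
class TokenBucket:
    capacity: float        # maximum burst size
    refill_per_sec: float  # sustained request rate
    tokens: float
    updated: float

    def allow(self, now: float) -> bool:
        # Refill for the time elapsed, then spend one token if available.
        elapsed = max(0.0, now - self.updated)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.updated = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class ApiGate:
    """Checks every request in order: rate limit, authentication, authorization."""

    def __init__(self, capacity: float = 3, refill_per_sec: float = 1.0):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.buckets = {}  # source address -> TokenBucket

    def get_record(self, source_addr, api_key, record_id, now):
        # 1. Rate limit per source before any other work, so unauthenticated
        #    guessing and bulk scraping are both throttled.
        bucket = self.buckets.setdefault(
            source_addr,
            TokenBucket(self.capacity, self.refill_per_sec, self.capacity, now))
        if not bucket.allow(now):
            return 429, {"error": "rate limit exceeded"}
        # 2. Authentication: the caller must present a known key.
        user = API_KEY_DIGESTS.get(_digest(api_key)) if api_key else None
        if user is None:
            return 401, {"error": "authentication required"}
        # 3. Authorization: a valid key only unlocks the caller's own record.
        if record_id != user:
            return 403, {"error": "not authorised for this record"}
        record = RECORDS.get(record_id)
        if record is None:
            return 404, {"error": "no such record"}
        return 200, record


def demo():
    """Replay a constructed request sequence and return the status codes."""
    gate = ApiGate(capacity=3, refill_per_sec=1.0)
    src = "198.51.100.7"  # documentation-range address
    calls = [
        (src, None, "alice", 0.0),              # no key
        (src, "demo-key-bob", "alice", 0.0),    # valid key, someone else's record
        (src, "demo-key-alice", "alice", 0.0),  # valid key, own record
        (src, "demo-key-alice", "alice", 0.0),  # burst exhausted
        (src, "demo-key-alice", "alice", 1.0),  # one token refilled
    ]
    return [gate.get_record(*c)[0] for c in calls]


if __name__ == "__main__":
    print(demo())
```

The authorization step is the one an endpoint can miss even when a key is required: without it, any authenticated caller could read every record by changing `record_id`.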

### 4.2 Underinvestment in Cybersecurity Infrastructure

Critical sectors such as [banking](https://www.corbado.com/passkeys-for-banking) (SBI breach), telecommunications
(BSNL and Hathway breaches), and healthcare (ICMR breach) consistently faced data exposure
due to outdated legacy systems and chronically underfunded cybersecurity infrastructure.
These older systems often contained widely known vulnerabilities that were actively
exploited by attackers. Underinvestment in modern cybersecurity tools, proactive
monitoring solutions, and regular vulnerability assessments meant that attackers faced
minimal resistance. Strengthening cybersecurity budgets and upgrading legacy systems are
essential to protecting sensitive data effectively.

### 4.3 Poor Data Management and Encryption Practices

Several significant breaches, including those involving BigBasket, boAt, and Unacademy,
were exacerbated by inadequate data encryption and poor management of user credentials.
Storing passwords with weak hashing algorithms or failing to encrypt sensitive customer
data allowed attackers to leverage breached information easily. Additionally, sensitive
data stored in clear text or inadequately protected databases further increased exposure.
Adopting robust encryption methods, strong [password hashing](https://www.corbado.com/glossary/password-hashing)
techniques (with salting), and enforcing stringent data management policies can
significantly reduce such risks.

### 4.4 Third-party and Vendor Vulnerabilities

Several breaches, notably those at SBI and Hathway, highlighted significant
vulnerabilities arising from poor management and inadequate security oversight of
third-party vendors. Reliance on external entities, without thorough vetting and stringent
security agreements, allowed attackers to [exploit](https://www.corbado.com/glossary/exploit) weaker third-party
security practices to infiltrate larger organizations. Third-party software and
infrastructure often introduced hidden vulnerabilities that organizations failed to
identify due to insufficient due diligence. Ensuring robust vendor risk assessments,
continuous monitoring of third-party security posture, and clear contractual cybersecurity
obligations are critical to preventing future breaches.

## 5. Conclusion

The analysis of India’s most significant data breaches shows a clear and critical message:
many cyber incidents are preventable through fundamental improvements in cybersecurity
practices. Rather than sophisticated [exploits](https://www.corbado.com/glossary/exploit), most breaches occurred
due to basic oversights such as inadequate API and endpoint security, underinvestment in
cybersecurity infrastructure, poor encryption standards, delayed incident detection, and
insufficient management of third-party vendors. These systemic vulnerabilities not only
compromise sensitive personal data but also erode consumer trust and organizational
reputation.

As India continues its rapid digital transformation, organizations across all sectors must
prioritize cybersecurity investments, implement robust data protection policies, and
enhance awareness through comprehensive training. Strengthening cybersecurity is no longer
merely a technical consideration; it is an essential responsibility for organizations
aiming to safeguard consumer confidence and sustain their future growth.

## Frequently Asked Questions

### How did the 2018 Aadhaar breach expose data for over a billion residents?

The Aadhaar breach resulted from vulnerabilities in poorly secured APIs and insufficient
access controls across government and third-party utility systems. Unauthorized database
access was openly sold online for as little as 500 rupees (approximately USD 7), exposing
names, Aadhaar numbers, bank details, biometric data and addresses for approximately 1.1
billion residents.

### What caused the Hathway ISP breach to expose 200GB of customer data in 2024?

The March 2024 Hathway breach exploited a critical vulnerability in the company's content
management system, enabling attackers to access approximately 200GB of sensitive records.
Over 41.5 million customers' names, phone numbers, addresses, account credentials and
billing details were compromised and subsequently leaked online.

### What specific risks does the BSNL data breach create for affected mobile subscribers?

The July 2024 BSNL breach exposed IMSI numbers, SIM card details, server snapshots and
customer account information for millions of users. The stolen data creates direct risks
including SIM swapping attacks and targeted phishing campaigns, and was listed for sale on
dark web marketplaces shortly after the breach.

### What security weaknesses do India's biggest data breaches have in common?

India's major breaches share four recurring failures: inadequate API and endpoint
security, underinvestment in cybersecurity infrastructure, weak data encryption and
password hashing practices, and insufficient third-party vendor management. These systemic
weaknesses, evident across incidents at Aadhaar, ICMR, SBI and Hathway, represent basic
oversights rather than responses to sophisticated attacks.
