Online grocery platform BigBasket has become the latest target of cyberattack in India.
The company has faced a potential data breach with the information of over 20 million customers on the darkweb for sale, according to US-based cybersecurity intelligence firm Cyble.
The data, being sold for $40,000, includes the full names, email IDs, password hashes (potentially hashed OTPs), PIN, contact numbers, addresses, dates of birth, location, and IP addresses of login, among other bits of information, says a Cyble blogpost.
The Bengaluru-based start-up has lodged a complaint with the city’s cybercrime cell and is evaluating the extent of the breach and authenticity of the claim in consultation with cyber security experts.
“The privacy and confidentiality of our customers are our priority and we do not store any financial data, including credit card numbers, and are confident that this financial data is secure,” said the Alibaba-backed company in a statement.
“The only customer data we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information,” it added.
According to the Cyble blogpost, the alleged breach occurred on October 14 and the BigBasket management was informed about it on November 1.
While online commerce has made lives easier, this convenience could come at a cost, say experts.
According to an IBM survey, the average cost of a data breach in India touched ~14 crore in 2020, an increase of 9.4 per cent from last year, as the average time to contain a data breach increased from 77 to 83 days a year. The top three root causes of data breach are malicious attacks, system glitches, and human error in the country, added the report.
While the opinion is uniform that data is a critical asset that can help sharpen business outreach and increase profits, it should be treated as a tradeable asset, say experts.
“Instead of treating it as a commodity that needs to be hidden behind large security measures, the industry and regulatory bodies need to move towards treating data as a tradeable asset and data economy infrastructure wherein consumers will be more comfortable and slightly richer and data pirates have less of an incentive to breach and sell it,” said Ankit Chaudhari, chief executive officer and founder, Aiisma, a data marketplace.
“Or else security will keep becoming expensive and hackers sophisticated, a scenario in which neither consumer nor company wins,” Chaudhari added.
Dear Reader,
Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.
We, however, have a request.
As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.
Support quality journalism and subscribe to Business Standard.
Digital Editor
RECOMMENDED FOR YOU