Major data breaches that shook India in 2023
In 2023, despite strides in digital infrastructure, data breaches continued to pose significant threats to organisations globally. Governments and corporations grappled with the challenge of securing user data, acknowledging the vulnerability of even the most robust security measures.
A report by the Data Security Council of India (DSCI), released on December 20, revealed that India faced over 400 million cyber threats across 8.5 million endpoints in 2023, averaging 761 detections per minute.
Technological advances, particularly in artificial intelligence, emerged as the most substantial risks to Indian organisations. A PwC report indicated that 38% of Indian companies felt highly exposed to cyber threats. In response, many organisations in India invested significantly in cybersecurity, including AI and machine learning.
Despite these efforts, 2023 witnessed notable cyberattacks. Let's delve into some major data breaches and cyber incidents that occurred during the year.
Redcliffe Labs Data Breach
On October 25, cybersecurity researcher Jeremiah Fowler uncovered a non-password-protected database containing over 12 million medical records linked to an India-based company, Redcliffe Labs. The exposed records, including diagnostic scans and test results, raised concerns about the security of sensitive health information. The company secured the database promptly after being notified.
ICMR (Indian Council of Medical Research) Data Breach
On October 9, Resecurity, a US-based cybersecurity firm, identified a data breach facilitated by a threat actor named 'pwn0001.' The actor advertised access to 815 million 'Indian Citizen Aadhaar and Passport' records on Breach Forums. The compromised data, allegedly extracted from the ICMR’s Covid-testing database, included sensitive information such as names, ages, genders, addresses, passport numbers, and Aadhaar numbers.
CoWin Data Leak
On June 12, reports surfaced about a Telegram bot allegedly leaking personal data of Indian citizens registered on the CoWIN portal for Covid-19 vaccination. Given a phone number, the bot returned information such as names, Aadhaar numbers, and passport numbers. While the Health Ministry denied a direct breach, the Indian Computer Emergency Response Team (CERT-In) reviewed the security infrastructure of the CoWIN platform.
MOVEit Cyberattack
In May 2023, a ransomware gang exploited a zero-day vulnerability in Progress Software’s enterprise file transfer product, MOVEit Transfer, affecting over 2,000 organisations worldwide. The compromised entities included New York City’s public school system, British Airways, and the BBC. Despite subsequent legal actions and a patch release, the fallout prompted the US Securities and Exchange Commission (SEC) to impose disclosure requirements on public companies following cybersecurity incidents.
WordPress Vulnerability Exploitation
More than 200,000 WordPress websites faced hacking risks due to an actively exploited critical vulnerability in the Ultimate Member plugin. This plugin, used for creating online communities, allowed attackers to inject Linux backdoors into websites. Over 17,000 WordPress sites fell victim to a campaign exploiting known flaws in premium theme plugins, putting a substantial number of websites, including those using Newspaper and Newsmag themes, at risk.