
AePS Cyberfraud: Money from Bank A/C Stolen Using Aadhaar Biometrics Data from Victim’s Land Records Obtained from Govt Website


In a recent cyberfraud case that emerged in Bihar's Purnia district, criminals drained a person's account without using the conventional methods of OTP or phone calls. Instead, they exploited the victim's Aadhaar biometrics data obtained from government land records to make transactions using the Aadhaar Enabled Payment System (AePS). The Bihar police have been actively investigating such cases and recently arrested 33 alleged cybercriminals operating from Nawada district.

Bihar police revealed the unique scam in a press conference, the video of which was shared by Haryana IPS officer Pankaj Jain on X (Twitter).



While in this case cyber thieves used biometric details from the victim's land record, commonly called the land registry, in another instance of Aadhaar-related cyberfraud, also in Bihar, criminals allegedly cloned fingerprints to steal money from victims' bank accounts without using OTP or phone calls. The accused hacked into the government's database to access the victim's land records dated June 25, 2024. The criminals then breached the victim's Aadhaar details and obtained their fingerprint. Using the victim's thumb impression extracted from the land records, the accused created a false thumb impression. They used this false thumb impression along with the victim's Aadhaar to withdraw money from the bank account.

The Bihar Police have detained eight individuals involved in this systematic fraud scheme. To prevent similar incidents, consider these precautions:
  • Mask your Aadhaar number: Download the masked Aadhaar from the UIDAI website.
  • Use virtual IDs: Process online transactions using a virtual ID instead of Aadhaar.
  • Link your number and email ID to Aadhaar: Ensure your contact details are linked to your Aadhaar for notifications about suspicious activity.
If you encounter AePS cyber fraud, report it on the National Cybercrime Reporting Portal. Stay vigilant and protect your hard-earned money.

IBM Report: Compromised Employee Accounts Led to Most Expensive Data Breaches Over Past Year


Customer Personal Data Exposed in 80% of Breaches Analyzed; AI and Automation Significantly Reduce Costs





IBM Security (NYSE: IBM) announced today the results of a global study examining the financial impact of data breaches, revealing that these incidents cost companies studied $3.86 million per breach on average, and that compromised employee accounts were the most expensive root cause. Based on in-depth analysis of data breaches experienced by over 500 organizations worldwide, 80% of these incidents resulted in the exposure of customers' personally identifiable information (PII). Out of all types of data exposed in these breaches, customer PII was also the costliest to businesses studied.





As companies are increasingly accessing sensitive data via new remote work and cloud-based business operations, the report sheds light on the financial losses that organizations can suffer if this data is compromised. A separate IBM study found that over half of surveyed employees new to working from home due to the pandemic have not been provided with new guidelines on how to handle customer PII, despite the changing risk models associated with this shift.





Customer PII was the most commonly exposed type of data in a breach, according to IBM-Ponemon 2020 Cost of a Data Breach Report




Sponsored by IBM Security and conducted by the Ponemon Institute, the 2020 Cost of a Data Breach Report is based on in-depth interviews with more than 3,200 security professionals in organizations that suffered a data breach over the past year.1 Some of the top findings from this year's report include:





  • Smart Tech Slashes Breach Costs in Half: Companies studied who had fully deployed security automation technologies (which leverage AI, analytics and automated orchestration to identify and respond to security events) experienced less than half the data breach costs compared to those who didn't have these tools deployed – $2.45 million vs. $6.03 million on average.
  • Paying a Premium for Compromised Credentials: In incidents where attackers accessed corporate networks through the use of stolen or compromised credentials, studied businesses saw nearly $1 million higher data breach costs compared to the global average – reaching $4.77 million per data breach. Exploiting third-party vulnerabilities was the second costliest root cause of malicious breaches ($4.5 million) for this group.   
  • Mega Breach2 Costs Soar by the Millions: Breaches wherein over 50 million records were compromised saw costs jump to $392 million from $388 million the previous year. Breaches where 40 to 50 million records were exposed cost studied companies $364 million on average, a cost increase of $19 million compared to the 2019 report.
  • Nation State Attacks – The Most Damaging Breaches: Data breaches believed to originate from nation state attacks were the costliest, compared to other threat actors examined in the report. State-sponsored attacks averaged $4.43 million in data breach costs, surpassing both financially motivated cybercriminals and hacktivists.




"When it comes to businesses' ability to mitigate the impact of a data breach, we're beginning to see a clear advantage held by companies that have invested in automated technologies," said Wendi Whitmore, Vice President, IBM X-Force Threat Intelligence. "At a time when businesses are expanding their digital footprint at an accelerated pace and the security industry's talent shortage persists, teams can be overwhelmed securing more devices, systems and data. Security automation can help resolve this burden, not only supporting a faster breach response but a more cost-efficient one as well."





Employee Credentials and Misconfigured Clouds – Attackers' Entry Point of Choice
Stolen or compromised credentials and cloud misconfigurations were the most common causes of a malicious breach for companies in the report, representing nearly 40% of malicious incidents. With over 8.5 billion records exposed in 2019, and attackers using previously exposed emails and passwords in one out of five breaches studied, businesses should rethink their security strategy via the adoption of a zero-trust approach – reexamining how they authenticate users and the extent of access users are granted.





Similarly, companies' struggle with security complexity – a top breach cost factor – is likely contributing to cloud misconfigurations becoming a growing security challenge. The 2020 report revealed that attackers used cloud misconfigurations to breach networks nearly 20% of the time, increasing breach costs by more than half a million dollars to $4.41 million on average – making it the third most expensive initial infection vector examined in the report.





State Sponsored Attacks Strike Heaviest
Despite representing just 13% of malicious breaches studied, state-sponsored threat actors were the most damaging type of adversary according to the 2020 report, suggesting that financially motivated attacks (53%) don't necessarily translate into higher financial losses for businesses. The highly tactical nature, longevity and stealth maneuvers of state-backed attacks, as well as the high value data targeted, often result in a more extensive compromise of victim environments, increasing breach costs to an average of $4.43 million.





In fact, the respondents in the Middle East, a region that historically experiences a higher proportion of state-sponsored attacks compared to other parts of the world3, saw over 9% yearly rise in their average breach cost, incurring the second highest average breach cost ($6.52 million) amongst the 17 regions studied. Similarly, businesses studied in the energy sector, one of the most frequently targeted industries by nation states, experienced a 14% increase in breach costs year over year, averaging $6.39 million.





Advanced Security Technologies Prove Smart for Business
The report highlights the growing divide in breach costs between businesses implementing advanced security technologies and those lagging behind, revealing a cost-saving difference of $3.58 million for studied companies with fully deployed security automation versus those that have yet to deploy this type of technology. The cost gap has grown by $2 million, from a difference of $1.55 million in 2018.





Companies in the study with fully deployed security automation also reported a significantly shorter response time to breaches, another key factor shown to reduce breach costs in the analysis. The report found that AI, machine learning, analytics and other forms of security automation enabled companies to respond to breaches over 27% faster on average, than companies that have yet to deploy security automation – the latter of which require on average 74 additional days to identify and contain a breach.





Incident response (IR) preparedness also continues to heavily influence the financial aftermath of a breach. According to the report, companies with neither an IR team nor testing of IR plans experience $5.29 million in average breach costs, whereas companies that have both an IR team and use tabletop exercises or simulations to test IR plans experience $2 million less in breach costs – reaffirming that preparedness and readiness yield a significant ROI in cybersecurity.





Some additional findings from this year's report include:





  • Remote Work Risk Will Have a Cost: With hybrid work models creating less controlled environments, the report found that 70% of companies studied that adopted telework amid the pandemic expect it will exacerbate data breach costs.
  • CISOs Faulted for Breaches, Despite Limited Decision-Making Power: Forty-six percent of respondents said the CISO/CSO is ultimately held responsible for the breach, despite only 27% stating the CISO/CSO is the security policy and technology decision-maker. The report found that appointing a CISO was associated with $145,000 cost savings versus the average cost of a breach.
  • Majority of Cyber Insured Businesses Use Claims for Third Party Fees: The report found that breaches at studied organizations with cyber insurance cost on average nearly $200,000 less than the global average of $3.86 million. In fact, of these organizations that used their cyber insurance, 51% applied it to cover third-party consulting fees and legal services, while 36% of organizations used it for victim restitution costs. Only 10% used claims to cover the cost of ransomware or extortion.
  • Regional & Industry Insights: While studied companies in the U.S. continued to experience the highest data breach costs in the world, at $8.64 million on average, those studied in Scandinavia experienced the biggest year over year increase in breach costs, observing a nearly 13% rise. Responding healthcare companies continued to incur the highest average breach costs at $7.13 million — an over 10% increase compared to the 2019 study.




About the Study
The annual Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches experienced by over 500 organizations worldwide taking place between August 2019 and April 2020, taking into account hundreds of cost factors including legal, regulatory and technical activities to loss of brand equity, customers, and employee productivity.





To download a copy of the 2020 Cost of a Data Breach Report, please visit: ibm.com/databreach





Sign up for the 2020 Cost of a Data Breach Report webinar on Wednesday, August 12, 2020 at 11:00 a.m. ET here: https://ibm.biz/BdqhMf





About IBM Security
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force® research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world's broadest security research, development and delivery organizations, monitors 70 billion security events per day in more than 130 countries, and has been granted more than 10,000 security patents worldwide. For more information, please check www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM Security Intelligence blog.





1 Report analyzes data breaches occurring between August 2019 and April 2020. Limitations of the report's methodology can be found in the report.
2 The 2020 Cost of a Data Breach Report examines the cost of a mega breach, namely breaches involving the loss or theft of one million records or more, based on a separate analysis of a specific sample.
3 According to the IBM 2020 X-Force Threat Intelligence Index: https://ibm.biz/downloadxforcethreatindex


Personal Data of 2.9 Crore Indians got Leaked on Dark Web for Free

Cyber criminals have posted the personal data of 2.9 crore job-seeking Indians on the dark web for free on one of the hacking forums, according to online intelligence firm Cyble.

The company had recently revealed the hacking of Facebook- and Sequoia-funded Indian education technology firm Unacademy.

"29.1 million Indian jobseekers' personal details leaked in deepweb for free. We usually see this sort of leaks all the time, but this time, the message header got our attention as it included a lot of personal details – where most of the things are generally static such as education, address etc," Cyble said in a blog on Friday.

Folders in the name of some of the leading job websites in India also appeared on the screenshot posted by Cyble but the company was investigating the source of the leak at the time of writing this report.

"It appears to have originated from a resume aggregator given the sheer volume and detailed information. We will update this article as new information is identified," Cyble said. PTI PRS

Data Breaches Cost India Inc ₹ 12.8 Cr on Average - IBM

Data breaches cost organisations in India about Rs 12.8 crore on average between July 2018 and April 2019, according to a report sponsored by tech giant IBM.

The global average total cost of a data breach was USD 3.92 million (about Rs 27.03 crore) with the average size of the breach being 25,575 records.

In India, the per capita cost per lost or stolen record was Rs 5,019, compared to USD 150 per record globally. On average, 35,636 records were compromised in a data breach in India, which ranked 15th in terms of total cost of breach.

The findings are part of the 2019 Cost of a Data Breach Report, conducted by the Ponemon Institute, and sponsored by IBM Security.

For the report, the Ponemon Institute interviewed over 500 organisations that have experienced a breach between July 2018 and April 2019.

The analysis takes into account cost factors from legal and regulatory activities to loss of brand equity, customer turnover and the drain on employee productivity.

"India is witnessing a significant change in the nature of cyber crimes, it is now extremely organised and collaborative. The cost of data breach continues to grow...," IBM India/South Asia Security Software Leader Vaidyanathan Iyer said.

He added that organisations need to significantly invest in three core areas when it comes to cyber security -- risk assessment based on business objectives, cognitive threat management and ensuring digital trust.

Iyer explained that in the digital era, cognitive security can provide both speed and scale for organisations to go about their digital transformation journey with minimal business disruptions.

"Cognitive security is designed to augment human intelligence and aid security professionals. The technology learns with each interaction to proactively detect, analyse and provide actionable insights into threats," he said.

The report said major causes of data breaches in India comprised malicious or criminal attacks (51%), system glitch (27%) and human error (22%).

The mean time to identify the data breach has also increased to 221 days from 188 days, while the mean time to contain such breaches has decreased to 77 days from 78 days.

According to the report, data breaches in the US are vastly more expensive - costing USD 8.19 million (about Rs 56.46 crore), or more than double the average for worldwide companies in the study. Costs for data breaches in the US increased by 130 per cent over the past 14 years of the study, up from USD 3.54 million in the 2006 study.

Malicious data breaches cost companies in the study USD 4.45 million on average. This is over USD 1 million more than those originating from accidental causes such as system glitch and human error, the report said.

Inadvertent breaches from human error and system glitches still accounted for nearly half of the data breaches in the report, costing companies USD 3.5 million and USD 3.24 million, respectively.

Also, for the ninth year in a row, healthcare organisations had the highest cost of a breach – nearly USD 6.5 million on average (over 60 per cent more than other industries in the study).
The report found that the effects of a data breach are felt for years. While an average of 67 per cent of data breach costs were realised within the first year after a breach, 22 per cent accrued in the second year and another 11 per cent accumulated more than two years after a breach.

The longtail costs were higher in the second and third years for organisations in highly-regulated environments, such as healthcare, financial services, energy and pharmaceuticals, it added.

Cybercrime represents big money for cyber criminals, and unfortunately that equates to significant losses for businesses, Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services, said.

"With organisations facing the loss or theft of over 11.7 billion records in the past three years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line - and focus on how they can reduce these costs," Whitmore said. PTI SR

Amazon India Leaks Competitive Business Data of 400K Sellers; No Compensation to Sellers

Amazon India left the tax reports of some sellers exposed to others on its platform. Although the company has rectified the technical glitch that caused it, a lot of information had already been exposed to others on the platform.

Sellers downloading their monthly financial reports (data of their sales through Amazon.in) were served with those of other vendors, leading to a breach of competitive business data.

On Wednesday, Amazon India said the glitch, which affected a “minuscule number” of the 4,00,000 sellers on its platform, had been rectified soon after sellers flagged it.

According to Economic Times, in an incident last Sunday, a merchant who sells smartphone accessories on Amazon logged onto the platform to download his tax report for December, and found that the inventory reflected in it did not tally with what he had sold. Upon closer inspection, he realised that the GST number on the report was not his.

The unsolicited exposure of Amazon India's data has alarmed its users. The merchant tax reports accidentally passed the business data of sellers on to other, unintended sellers who are in fact their competitors. The leaked data included sales, category-wise split and inventory data. If found by a rival seller, this could prove to be of material value to them and detrimental to the seller whose data was outed, experts said.

No "Data Privacy" Rule for Compensation



Of late, it was reported that food startup FreshMenu had also faced a data breach that left exposed the personal details of 110,000 users and, on top of that, the company stubbornly admitted to the breach only after two years.

At the moment, India does not have a provision for a user whose data has been exposed to recover damages from the companies responsible. A section in the draft Data Protection Bill, which is undergoing consultations and pruning, however, lays down directives for early disclosure of leaks and a mechanism to try cases pertaining to such lapses.

In the proposed Data Protection Bill, which is likely to be moved in Parliament in June, it has been proposed that if a company's customer data is breached, it is liable to a penalty of 4 per cent of its global revenues. Criminal liability has been proposed too.

Source - Economic Times, AFAQS

India Accounts for 37% of 4.5 Bn Global Data Records Compromised in 1st Half of 2018

Gemalto, the world leader in digital security, today released the latest findings of the Breach Level Index, a global database of public data breaches, revealing 945 data breaches led to 4.5 billion data records being compromised worldwide in the first half of 2018. Compared to the same period in 2017, the number of lost, stolen or compromised records increased by a staggering 133 percent, though the total number of breaches slightly decreased over the same period, signaling an increase in the severity of each incident.

A total of six social media breaches, including the Cambridge Analytica-Facebook incident, accounted for over 56 percent of total records compromised. Of the 945 data breaches, 189 (20 percent of all breaches) had an unknown or unaccounted number of compromised data records.



The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are not serious versus those that are truly impactful.

According to the Breach Level Index, almost 1 billion data records have been exposed in India since 2013, when the index began benchmarking publicly disclosed data breaches. During the first six months of 2018, almost 1 billion records were compromised in the Aadhaar breach incident, including name, address and other personally identifiable information. This is particularly concerning, since the stolen, lost or compromised data records of only one out of 12 breaches were protected by encryption to render the information useless, a zero percent compared to the first six months of 2017.

"Obviously, this year social media has been the top industry and threat vector for the compromise of personal data, a trend we can expect to continue with more and more sectors leveraging these platforms to reach key audiences, especially political teams gearing up for major elections," said Jason Hart, vice president and chief technology officer for data protection at Gemalto. "We also expect to see more data breaches reported by European Union countries bound by the new General Data Protection Regulation and in Australia with the new Notifiable Data Breaches law. We should be careful not to misconstrue this as an increase in overall incidents in these areas but rather as a more accurate reflection of what is actually going on."



Primary Sources of Data Breaches

Malicious outsiders caused the largest percentage of data breaches and accounted for almost 90 per cent above of all stolen, compromised or lost records in 2018 in India. The number of attacks in accidental loss fell by 100 percent compared to the same period in 2017. However, the number of attacks in malicious insider attacks increased by more than 100 percent this half compared to the same time period in 2017.

Leading Types of Data Breaches

Identity theft continues to be the leading type of data breach, as it has been since Gemalto first started tracking in 2013. While the number of identity theft breaches decreased by 28 percent over the second half of 2017, the number of records stolen through these incidents represent over 99 percent of all records stolen.

Financial access incidents show a disturbing trend in the escalation of severity. Though overall incident numbers are on the decline H1 2017 vs. H1 2018 (4 for H1 2017, 2 for H2 2017 and 3 for H1 2018), the number of records breached increased H1 2017 vs. H1 2018 (1.5 million, 50 and 2.6 million) respectively.

Industries Most Affected by Data Breaches

Most sectors saw an increase in the number of incidents compared to the previous half – the exceptions were government, professional services, retail and technology, though both government and retail saw a tremendous increase in the number of records breached through fewer events. Government continues to lead in number of records compromised during data breaches through identity theft which accounted for 98 per cent of the records stolen.

Geographic Distribution of Data Breaches

North America still makes up the majority of all breaches and the number of compromised records, 59 and 72 percent respectively. The United States is still by far and away the most popular target for attacks, representing more than 57 percent of global breaches and accounting for 72 percent of all records stolen, though overall incidents are down 17 percent over the prior half. India accounts for 37 per cent of the global breaches in terms of records compromised or stolen or revealed.


With the implementation of the Notifiable Data Breaches law, the number of incidents in Australia increased dramatically from 18 to 308 as could be expected.

Europe saw 36 percent fewer incidents but a 28 percent increase in the number of records breached indicating growing severity of attacks. The United Kingdom remains the most breached country in the region. With the General Data Protection Regulation in full effect for the second half of 2018, the number of reported incidents could begin to rise.


UIDAI’s Aadhaar Software Hacked, Anyone Across the World can Enroll, Confirm Experts

The credibility, authenticity and security of India's Aadhaar have long been questioned, but the stubborn, ignorant Indian government never accepted that the Aadhaar system might need a big overhaul, and despite plenty of evident and obvious proof, both UIDAI and the central government always ran for cover-ups.

Now, in the latest and biggest incident of all, the personal information of over 1 billion Indians has been compromised by a software patch that disables critical security features of the software used to enroll new Aadhaar users, revealed an investigation by HuffPost India.

The software patch that hacked Aadhaar's software is freely available for a mere Rs 2,500, a bonanza for millions of other hackers. It allows unauthorized persons, based anywhere in the world, to generate Aadhaar numbers at will, and is still in widespread use.

Skilled hackers have disabled the security features of the Aadhaar enrollment software and even circulated the hack on WhatsApp, said the report.

Ironically, a 'patch' is defined as a set of changes to a computer program or its supporting data designed to update, fix, or improve it. In the case of Aadhaar, however, the culprit patch allegedly hacked the whole system, putting the database of over 1 billion citizens at stake and, in a worse scenario, putting about the same number of bank accounts under serious threat as well.

This comes within a few weeks of a petition being filed against UIDAI as well as the central government of India, alleging that the fundamental right to privacy of all Indians with an Aadhaar card has been violated because of Aadhaar data breaches that occurred on numerous occasions.

The hack, which has significant implications for India's national security, comes at a time when the Indian government has sought to make Aadhaar numbers the gold standard for citizen identification, and mandatory for everything from using a mobile phone to accessing a bank account.

HuffPost India says it is in possession of the patch and had it analysed by three internationally reputed experts and two Indian analysts to confirm that the database has indeed been hacked.

About 1,224,222,809 Aadhaar numbers (122 crore or 1.22 billion) had been generated as of the writing of this article, as per the UIDAI website.

According to the experts, the patch lets a user bypass critical security features such as biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers. It disables the enrollment software's in-built GPS security feature (used to identify the physical location of every enrollment centre), which means anyone, whether he or she is an Indian or not, can use the software to enroll in Aadhaar system.

Moreover, the patch reduces the sensitivity of the enrolment software's iris-recognition system, making it easier to spoof the software with a photograph of a registered operator, rather than requiring the operator to be present in person.

According to a 2012 news piece in the Economic Times, the Aadhaar number repository and its IT infrastructure are run by HCL Infosystems, which won the contract, worth 2,200 crore, from the UIDAI in March 2012.

In July this year, the Aadhaar data of the chief of the Indian telecom watchdog, TRAI, got leaked when he posed a challenge on Twitter to hack his Aadhaar details.

Last year in July, the government was warned about the vulnerability of Aadhaar when the Indian apex court discussed privacy issues with regard to the Aadhaar card. At the same time, a report from the Center for Internet and Society suggested that the records of about 135 million Indians may have been leaked from four government portals due to a lack of IT security practices. Additionally, a loophole was also identified that allows all records in Aadhaar to be accessed by anyone, though hackers can find other routes.

To recall, UIDAI recently announced that from 30th of September, the face recognition feature will be rolled out in a phased manner, starting with telecom service providers.

PayTM Allegedly Gave Users' Data to PMO and Has Close Ties with RSS

Part 2 of investigative website Cobrapost's investigation, titled 'Operation-136', says that Ajay Shekhar Sharma, who is senior vice president at Paytm and brother of PayTM founder Vijay Shekhar Sharma, allegedly claimed that the e-wallet company backed by Softbank and Alibaba had received a call from the Prime Minister's Office (PMO) demanding users' data, at a time when stone-pelting had reached its peak in the troubled valley of Kashmir.

Cobrapost has released the transcripts and videos on its Facebook and YouTube channels.

To begin, Cobrapost's investigative journalist Pushp Sharma posed as a representative of a fictitious organisation, Shrimad Bhagvad Gita Prachar Samiti, met the company's top executives, Sudhanshu Gupta, Vice President, and Ajay Shekhar Sharma, Sr. Vice President, of Paytm, and told them that he was meeting them at the behest of the “Sangathan” to bolster the prospects of the party in power in the coming elections.

Both Sudhanshu and Ajay revealed that they have a close association with the government and the RSS, a Hindu radical group in India.

In a rush to prove how close he is to both the government and the RSS, Ajay Shekhar of Paytm said in the sting video: "By the way, let me show you one more thing, in case you should obviously know our political affiliation … this is our Paytm App. Nowadays Mr. Modi is right here. He has written a book extra [sic] Exam Warriors. We are … we are actually promoting this book.."

It is to be noted, however, that though the video by Cobrapost shows Ajay Shekhar Sharma purportedly claiming that the PMO asked for users' data, the video does not mention whether or not Paytm complied with the PMO's alleged demand.

After Cobrapost released the video and transcript, PayTM, on its official Twitter handle, tweeted, saying "There is absolutely NO TRUTH in the sensational headlines of a video doing rounds on social media. Our users' data is 100% secure and has never been shared with anyone except law enforcement agencies on request. Thank you for your continued support."



Paytm, however, did not reveal the specific "agencies" to which the company has given users' data.

With more than 7 million registered merchants and more than 200 million wallet users across the country, a number which is increasing with ticking of the clock, Paytm is now a much diversified e-commerce company, becoming indispensable for Indian shoppers, second only to Flipkart in valuation.

Paytm began its journey in 2010 as a mobile app-based utility payments facilitator. It was founded by One97 Communications founder-promoter Vijay Shekhar Sharma.

Interestingly, in 2016 the then 6-year-old company got its biggest "lucky" break when the BJP government, at the stroke of midnight, declared demonetization, thereby banning currency notes of Rs. 500 and Rs. 1000 denominations with immediate effect. As a matter of fact, PayTM has been the biggest (and perhaps only) beneficiary of demonetization: while it brought India's GDP down to 6.1%, Paytm witnessed a 700% increase in overall traffic on the platform and 1000% growth in the value of money added to Paytm accounts.

IndianWeb2.com has sent emails to Paytm as well as its investors, Alibaba and Softbank; however, we haven't received any response from any of them as of the writing of this article. If we receive any update, we'll update this article.

Next Course of Action


Needless to say, as both the company and the government are in question, it is a serious question who will investigate this matter further. In the past, over a dozen media outlets, including a Softbank-backed digital media startup, were uncovered peddling propaganda, but since then not an iota of investigation or inquiry has been proposed by the government or any of its agencies.

Moreover, the gestures and nuances of the talk of Ajay Shekhar Sharma, SVP of Paytm, in the sting video apparently depict a close association with the political party in power and the RSS, and all this leads to the conclusion that there is a closely knit nexus between Indian political parties, extremist groups and so-called 'Startups'.

Earlier, Prime Minister Modi's own app, Namo, was also accused of giving users' data to a company outside the country. This too was denied by government agencies, and the case was set aside without any further investigation.

UPDATE -

Paytm has denied Cobrapost's allegation, and the company has given a clarification on the same in its official blog post here.





[Top Featured Image Source - Ajay Shekhar @Twitter]

70% Consumers Would Stop Doing Business with Companies Following A Data Breach, Finds Survey

A majority (70%) of consumers would stop doing business with a company if it experienced a data breach, according to a survey of more than 10,000 consumers worldwide conducted on behalf of Gemalto, the world leader in digital security. In addition, six in ten Indian consumers (59%) feel businesses don’t take the security of customer data very seriously.

Despite these concerns, the Gemalto study found that consumers are failing to adequately secure themselves, with over half of the Indian respondents (51%) still using the same password for multiple online accounts. Even when businesses offer robust security solutions, such as two-factor authentication, a quarter (28%) of consumers admit to not using the technology to secure social media accounts, leaving them vulnerable to data breaches.

This may be because the majority of consumers (66%) believe the business holding their data is mostly responsible for its security. Indian respondents show poor security hygiene and fail to take advantage of security measures available to them, such as two-factor authentication (28%) for social media accounts. As a result, businesses are being forced to take additional steps to protect consumers and enforce robust security measures, as well as educate them on the benefits of adopting these.

“Consumers are evidently happy to relinquish the responsibility of protecting their data to a business, but are expecting it to be kept secure without any effort on their part,” says Jason Hart, CTO, Identity and Data Protection at Gemalto. “In the face of brewing conversations around data protection and privacy law, it’s now up to businesses to ensure they are forcing security protocols on their customers to keep data secure. It’s no longer enough to offer these solutions as an option. These protocols must be mandatory from the start – otherwise businesses will face not only financial consequences, but also potentially legal action from consumers.”

Despite their behaviour, consumers’ security concerns are high, as two thirds (68%) worry they will be victims of a data breach in the near future in India. Consequently, consumers now hold businesses accountable – if their data is stolen, the majority (96%) of consumers in India would take or consider taking legal action against the compromised business.

Globally Consumers Trust Some Industries More Than Others

When it comes to the businesses that consumers trust least, over half (58%) believe that social media sites are one of the biggest threats to their data, with one in five (20%) fearful of travel sites – worryingly, one in ten (9%) think no sites pose a risk to them.

On the other hand, a third (33%) of consumers trust banks the most with their personal data, despite them being frequent targets and victims of data breaches, with industry certified bodies (12%), device manufacturers (11%) and the government (10%) next on the list.

Hart continues, “It’s astonishing that consumers are now putting their own data at risk, by failing to use these measures, despite growing concerns around their security. It’s resulting in an alarming amount of breaches – 80% – being caused by weak or previously stolen credentials. Something has to change soon on both the business and consumer sides or this is only going to get worse.”


About the Survey

10,500 adult consumers were interviewed by Vanson Bourne globally. Countries included were the US, UK, France, Germany, India, Japan, Australia, Brazil, Benelux, UAE and South Africa. All of those surveyed actively use online/mobile banking, social media accounts or online retail accounts.

Stolen Data From Over 6,000 Indian Businesses Available On Darknet, Claims Quickheal

In worrying news for Indian companies, a forum on the DarkNet is reportedly selling data stolen from over 6,000 Indian businesses, including Internet Service Providers (ISPs), some key government organisations, banks and enterprises. The advertisement was recently spotted by global IT security firm Quick Heal's Enterprise Security brand Seqrite.

In a company statement, Seqrite shared further details about the advertisement they discovered along with its partner seQtree InfoServices. According to the statement, the mastermind hacker behind the advertisement is demanding 15 Bitcoins (nearly INR 42 lakh) for the information and is offering network takedown of affected organisations for an unspecified amount.

The security firm believes that if the information falls into wrong hands, it has the potential of becoming a major tool of mass disruption.

The organisations whose services are most likely to be affected if the data gets leaked are: UIDAI (Aadhaar), Employees' Provident Fund Organisation, Idea Telecom, Bombay Stock Exchange (BSE), Flipkart, DRDO, Aircel, Reserve Bank of India, BSNL, SBI, TCS, ISRO, ICICI Prudential Mutual Fund, VMWare and several other Indian government portals, among others.

Talking to IANS, Rohit Srivastwa, Senior Director, Cyber Education and Services at Quick Heal said, "We have alerted the government authorities well within time. If someone gets control over this massive data that is currently up for sale on DarkNet, the above-mentioned organisations and enterprises can get affected.”

For the uninitiated, a DarkNet can be best described as any overlay network that can be accessed only with specific software, configurations, or authorization, often using non-standard communications protocols and ports. Two typical darknet types are friend-to-friend networks (usually used for file sharing with a peer-to-peer connection) and privacy networks such as Tor.

Related Reading: What is Dark Web and How It Works

According to Seqrite, after they spotted the advertisement, they ran a detailed investigation, which revealed the identity of the affected organisation to be India's national Internet registry IRINN (Indian Registry for Internet Names and Numbers) which comes under National Internet Exchange of India (NIXI).

Their next step was to bring Asia Pacific Network Information Centre (APNIC) and Indian government authorities up to speed on what had happened and recommend that they quickly alert all the potentially affected organisations to change their passwords and get their servers and systems patched with the latest updates.

The security firm's researchers also reveal that the hacker selling the data claims that he has the ability to tamper with the IP allocation pool. If this is indeed true, it could end up causing a massive outage or a Denial of Service (DoS) attack-like situation.

“This could impact various content delivery network (CDN) and hosting providers as well. If the hacker gets an interested buyer, then an attack on the system could disrupt Internet IP allocation and affect Internet services in India," read the company statement.

Along with the access, the seller is also ready to give credentials and various contractual business documents. He also claims to be in the possession of a large database of Asia Pacific Network Information Centre (APNIC).

Yesterday, we reported how an IBM study had deduced that despite having such a talented workforce, India is still unprepared to protect itself if a cyberattack on the scale of ‘WannaCrypt’ or ‘Petya’ ever hits home turf.

According to a recent IBM study conducted by Ponemon Institute, the average cost of a data breach in 2017 decreased by 10 per cent globally compared to the 2016 figure, but for Indian enterprises it grew by 12.3 percent, from Rs 97.3 million in 2016 to Rs 110 million in 2017.

This development was first reported in Firstpost.

[Image: Appknox ]


Flipkart Is Reportedly Leaking Its Customers Data

Flipkart, which is considered the most successful Indian startup to date, has acquired a unique status in the $30 billion Indian e-commerce market. The company, which is currently in its tenth year of operation and enjoys a customer base of 100 million users, has built the reputation of being an Indian e-commerce major by being customer centric and providing customers with stupendous discounts and offers year after year. However, according to a recent news piece on newsient.com, the Indian unicorn might not be as loyal to its customers as it has projected itself to be over the years.

According to an article on the website, the e-commerce giant might be leaking consumer data, betraying the trust of its millions of customers. The website has based the allegation on proof furnished by a Gujarat-based Flipkart user who has been using the Gmail easter egg that allows users to make multiple email addresses out of one e-mail address. According to him, he uses these e-mail addresses only for Flipkart accounts and for no other online service/account. However, he recently noticed that the inboxes of the e-mail ids he uses for Flipkart shopping have been bombarded with mails from a spammer. This means, Flipkart users, your address, phone number, as well as card details could all potentially be at risk.



One of the spammy emails sent to the ids is from a website offering people a Jio Phone absolutely free of cost. Here’s the spam link in the email:

http://trck.mailerassist.com/wiz/index.php/campaigns/qd146ytjawa7f/track-url/ly305p2srd0c5/fa11e412eb37a11c2eb8459d1335358db1cc7424

If one clicks on the aforementioned link, they will be redirected to a website called Discountwalas. One look at the website and one can sense that it is surely not legit and is laced with click-baity content to tempt people to click on its pages and increase its page views.

If we believe what the user is saying, then this means Flipkart has an urgent matter to tend to, as we know customer loyalty, once lost, takes years to rebuild.

The e-commerce major needs to investigate whether some employee of Flipkart is selling its customers' private information to a third party, or whether the Flipkart database has been hacked. One cannot rule out that Flipkart might itself be selling the information, though there hasn't been any concrete proof of the same.

The user has tried getting in touch with Flipkart multiple times but the giant has so far chosen not to reply or react on the matter. But, Flipkart needs to understand that keeping mum on the matter is only going to make things worse for them and make them look like a culprit in the eyes of its customers. If Flipkart wants to retain its numero uno e-commerce crown and not lose the battle to American e-commerce giant Amazon, the homegrown e-commerce company will have to do some damage control and win back customer support before they lose all of it.
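The per-service address method the user relied on can be made systematic. This is an added example, not code from the article or from Flipkart: it assumes the "Gmail easter egg" is Gmail's plus-addressing, and the mailbox, secret, service names and sender domains are all constructed.

```python
import hashlib
import hmac
from collections import defaultdict

SECRET = b"constructed-demo-secret"   # assumption: known only to the mailbox owner
BASE = "ravi.patel@gmail.com"         # constructed mailbox

def _tag(service, secret):
    # Short keyed tag so a spammer cannot mint a valid alias for another service.
    return hmac.new(secret, service.lower().encode(), hashlib.sha256).hexdigest()[:8]

def make_alias(base, service, secret):
    """Address to hand to exactly one service, e.g. local+shop.<tag>@gmail.com."""
    local, domain = base.lower().rsplit("@", 1)
    return f"{local}+{service.lower()}.{_tag(service, secret)}@{domain}"

def attribute(recipient, base, secret):
    """Return the service an alias was issued to, or None if it is not ours."""
    try:
        local, domain = recipient.strip().lower().rsplit("@", 1)
    except ValueError:
        return None
    base_local, base_domain = base.lower().rsplit("@", 1)
    mailbox, plus, suffix = local.partition("+")
    # Gmail ignores dots in the local part, so compare mailboxes without them.
    if domain != base_domain or mailbox.replace(".", "") != base_local.replace(".", ""):
        return None
    service, dot, tag = suffix.rpartition(".")
    if not plus or not dot or not service:
        return None
    if not hmac.compare_digest(tag.encode(), _tag(service, secret).encode()):
        return None  # guessed or tampered tag
    return service

def leak_report(messages, base, secret, expected):
    """Map each service to sender domains that should never have known its alias."""
    report = defaultdict(set)
    for recipient, sender in messages:
        service = attribute(recipient, base, secret)
        if service is None:
            continue
        sender_domain = sender.rsplit("@", 1)[-1].lower()
        allowed = expected.get(service, set())
        if not any(sender_domain == d or sender_domain.endswith("." + d) for d in allowed):
            report[service].add(sender_domain)
    return dict(report)

SHOP = make_alias(BASE, "shop", SECRET)
BANK = make_alias(BASE, "bank", SECRET)
EXPECTED = {"shop": {"shop.example"}, "bank": {"bank.example"}}  # assumed allow-list
MESSAGES = [  # constructed (recipient, sender) pairs taken from received mail
    (SHOP, "orders@mail.shop.example"),
    (SHOP.replace(".", "", 1), "promo@freephone-offers.example"),  # dot-less variant
    (BANK, "alerts@bank.example"),
    ("ravi.patel+shop.deadbeef@gmail.com", "x@spam.example"),      # forged tag
]

if __name__ == "__main__":
    for service, senders in leak_report(MESSAGES, BASE, SECRET, EXPECTED).items():
        print(f"alias issued to '{service}' reached: {sorted(senders)}")
```

A hit shows only that the address given to that service reached a third party; it does not say whether the cause was a breach, an insider or a data sale.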
