Over three-fourths of India’s adult population has had their data compromised since 2017, analyst firm Canalys said in a report. A majority of these breaches happened as India accelerated the pace of IT reforms, digitising various government records and the risk of such intrusions is only expected to grow.
According to the Telecom Regulatory Authority of India (Trai), the world’s second-largest smartphone market had a little over 795 million, or roughly 80 crore, internet users by 2020-end.
“In last four years, at least 80% of the adult population in Bulgaria, Chile, Ecuador, India, Panama, Philippines, Qatar and Turkey have been compromised in single but separate data breaches,” Canalys said in the report, Now and next for the cybersecurity industry.
Large proportions of populations in Brazil, Greece, Hong Kong, Israel, the Netherlands, Serbia, Sweden and the US have also been affected in similar breaches over the last decade, it added.
“The digitalisation of electoral, tax and other government services was the issue in many of these cases. Many countries have rolled out ambitious digitalisation programs, such as Aadhaar, the Indian biometric identification system. But it is claimed that Aadhaar has already been compromised, risking the information of over 700 million people. These risks will continue to grow,” the report said.
The rollout of contact-tracing apps and potential vaccine history passports in response to Covid presents new potential attack vulnerabilities to compromise individuals’ personally identifiable information (PII), it added.
“Contact-tracing apps have been used as part of coordinated responses to contain infection rates and help re-open economies. But software vulnerabilities discovered in some rushed initiatives have raised concerns over the security of the personal data being collected. A vulnerability in Qatar’s Covid-19 app, for example, compromised more than a million national identification numbers and health status,” said Canalys.
Records containing medical information can command up to 50 times more on the dark web marketplaces than any other PII data.
Canalys said the year 2020 has been the worst on record in terms of data breaches since 2005. In the last 15 years, at least 55 billion data records have been compromised in 900 known breaches, of which 77% were compromised in the last two years.
In 2020, around 31 billion data records were known to have been compromised, up 171% from 2019. “But one of the most concerning aspects is that this is likely to be a limited view of the overall crisis in the industry. Even more concerning is that there is no sign of this slowing down, especially with the rapid shift to perimeter-less IT and the deployment of digital transformation projects.”
Another area of concern is mega data breaches, involving over 500 million data records, which witnessed an uptick in 2020. Canalys said that 26 billion records were compromised in just 5 known breaches, which equals 7 billion records in 7 mega-breaches during 2019. Three of the largest known breaches on record were identified in 2020.
The crisis is the result of several factors, including organisations collecting PII either as part of their digital transformation process to personalise products and services, or because their entire business is geared toward collecting and analysing data for third parties. Datasets are getting larger too — from tens of millions of records to hundreds of millions and now to billions.