A cybersecurity researcher, Rajshekhar Rajaharia, has revealed that the personal data of 7 million Indian credit and debit cardholders has been leaked on the dark web. 2 GB of screenshots of the leaked data were found, covering data from 2010 to 2019, according to a report by Inc42. The screenshot is reportedly public on Google Drive. It gives out details like cardholders’ names, phone numbers, email addresses, names of employer firms, annual incomes, types of accounts, and whether the users have switched on their mobile alerts. The report also reveals that PAN numbers of 5 lakh cardholders are available online.
The leaked data can be used for spam messages and phishing attacks by cybercriminals.
Sonit Jain, CEO of cybersecurity firm GajShield Infotech, says, “Availability of such sensitive data on the dark web is a strong proof that enterprises need stricter data handling policies for both internal users and third-party vendors that use these data for outsourced services. We have seen the impact of such information leaks like scammers impersonating digital wallet providers calling for KYC or offering quick loans, easy credit cards, etc., only to result in monetary loss of these individuals.”
“While every company pushes for educating its customers on not sharing OTP, CVV, Card, and Account number, etc., the primary source of such data are the enterprises themselves. It is their approach to data security that these enterprises must consider reworking on and prevent such incidents first hand. Only with a strict data privacy law will enterprises look at data security seriously and work towards protecting consumer data,” Jain adds.
According to the researcher, most of the users belonged to companies like Axis Bank, Bharat Heavy Electricals Limited, Kellogg India Private Limited, and McKinsey and Company, among several others. The annual income of these users ranges from Rs 7 lakh to Rs 35 lakh.
As per the report, almost 66 percent of Indian companies have reported data breaches since 24 March, when people shifted to work-from-home. The most used phishing campaign these days is “Free Covid Tests.”