We have just about completed 6 months in 2021, and the country has already been rocked by at least half a dozen major data breaches. From SBI to Domino’s to Air India to MobiKwik to Facebook to even the CoWin portal, the biggest of the big players have fallen prey to these attacks, compromising the data of millions billions of individuals.
We have just about completed 6 months in 2021, and the country has already been rocked by at least half a dozen major data breaches. From SBI to Domino’s to Air India to MobiKwik to Facebook to even the CoWin portal, the biggest of the big players have fallen prey to these attacks, compromising the data of millions billions of individuals.
Last year 3,137 cyber-security related issues were reported every day. Even a vague guess would lead you to double that number for 2021.
Scared? I don’t blame you.
Back in April, news emerged that the Domino’s India server was hacked, and 13TB worth of data was leaked. This 13TB of data meant that the personal information of 250 employees and 18 crore customers was in the open. The enormity of this breach was such that you, as a random individual, had a more than fair chance of being on that list.
Threat actor claiming to have hacked Domino's India (@dominos) and stealing 13TB worth of data.
Information includes 180,000,000 order details containing names, phone numbers, emails, addresses, payment details, and a whopping 1,000,000 credit cards. pic.twitter.com/1yefKim24A— Alon Gal (Under the Breach) (@UnderTheBreach) April 18, 2021
A cybersecurity expert on Twitter, who was the first to reveal the leak, claimed that payment details with data of over 1 million credit cards were also compromised. At that time, the hackers even put out a ransom request of 50 BTC (bitcoin) from Jubilant Foodworks, the parent company of Domino’s India, to prevent the public release of this information.
So there were real concerns. Should we change our credit card PIN? Should we delete the Domino’s app? Can we delete our order history? Will password changes be effective? What is Domino’s doing to save our information? Despite a significant threat lurking on people’s heads, we barely heard anything for a month.
Fast forward to May, and a search engine was ready on the Dark Web. Anyone could extract and misuse data that was a part of the Domino’s breach. People could access phone numbers, email IDs, delivery addresses, and the time and date of the orders.
Finding sensitive data became as easy as a Google search on the Dark Web.
🚨 Data Breach Alert :
13TB of employee files & customer details, which allegedly belongs to @dominos_india have been leaked on the Dark Web through a search portal that gives access to sensitive info of the users.
Sadly, I found out that my privacy has also been compromised. pic.twitter.com/f05MZ7pRLt— Sourajeet Majumder (@TechCrucio) May 21, 2021
Although Domino’s claims that financial details were not released, the availability of past locations and contact information is in itself a real threat to privacy. Multiply that by 18 crore individuals and imagine the magnitude to which this data could be misused.
Misused to the tune of you and me being spied upon, spammed, intimidated, hacked, harassed, pressurised, and strong-armed into making decisions against our will. Now that’s a huge price to pay for a seemingly harmless pizza.
We are progressing towards a digitised world where this is very much a part of the new ‘normal’. Unfortunately, we are stuck in an eternal loop. Companies accept data breaches, apologise, assure that data is safe and go back to being hacked again. They turn a blind eye to the plight of consumers and the adverse effects these leaks have on their privacy.
A similar issue persists on the other side of the spectrum as well. We, as consumers, also treat data breaches as being normal instead of being outraged. And by outraged, I mean to the point that we drive changes to flimsy security systems.
The news of the Domino’s hack must have reached plenty of people, and all leading media agencies covered it. But, did we see a drop in the company’s order numbers? No. Did people go back and see how they can safeguard themselves against future threats? Also no.
Like in the real world, you are known by your name, in the virtual world, you are known by your digital identity. All elements that we have spoken about upto now, such as your passwords, usernames, and email addresses, all constitute this identity. It also includes your documents, photos, national ID cards, and biometrics. Although these pieces of information seem insignificant on their own, they reflect everything about you when clubbed together.
To protect yourself against data breaches, you first need to safeguard your digital identity.
Websites often require us to fill in our details and create an account with them. And when you create a password to secure this account, you use the same one as your Facebook, Curefit, Myntra and others. I get your point; it is easy for you. But you make it easier for hackers.
The ugly side of technological advancements means that even traditionally strong passwords are not good enough. As a result, we now need an added step in the authentication process to secure our passwords online.
Two-factor authentication (2FA) has emerged as the simplest, most effective way of keeping digital identities safe. It requires you to verify your identity online through another mode after filling in your password on a website.
If you have punched in OTPs received via SMS or email apart from your password to log in, you have already used 2FA.
2FA as a measure of safety has evolved with the introduction of authenticator apps. These apps keep you guarded in the face of attacks on your phone number or SIM card since they function independently of them.
On top of that, the OTPs that authenticator apps generate are usually time-bound, after which they expire and become useless. This further shields you against hackers and identity thieves.
Taking cognisance of growing concerns around data privacy and security, big names including Google, Microsoft and Salesforce are banking on 2FA with the launch of their authenticator apps. Many startups are also sprouting on similar lines.
Global policies are also slowly but surely gaining momentum. European Union’s General Data Protection Regulation (GDPR) came into effect in 2018, while the California Consumer Privacy Act (CCPA) was rolled out in January 2020. Both brought the spotlight back to privacy and data protection.
The major takeaway from this article should be to not take your data for granted. Technology is advancing at an unmatched scale and is probably well beyond humankind’s control now. And we will deal with the consequences of that – the good, the bad, and the ugly.
There is no escaping the share and use of personal data or your digital presence but there is a thin line separating faith and free reign. If you are vigilant and armed with enough firepower, you might escape just fine.
Cove Identity is your personal ultra-secure digital locker. Get maximum control over your data with minimal effort.
.jpg)