A PIL had been filed against G Pay claiming unauthorised access to Aadhaar data in alleged violation of the Aadhar Act of 2016 in addition to, Payments and Settlement Systems Act 2007 and Banking Regulations Act 1949. A response from the UIDAI mentioned that no permission had been issued to G Pay to access, use and store citizens Aadhaar details. It also violated the fundamental right to privacy. The petition directed UIDAI and RBI to take relevant action against G Pay.
Researchers at the Ben-Gurion University in Israel said that by using digital “foot-in-the-door” techniques i.e requesting personal information from less important to more private, websites can successfully ask users to reveal more. Similarly, by placing requests on consecutive, separate webpages, users are more likely to reveal more data. Users can be manipulated by spreading out information requests over several pages, rather than consolidating it into one page.
Name, phone numbers, email, employer, annual income, etc of over 70 lakh Indian debit/ credit cardholders are up on sale on the dark web, said security researcher Rajshekhar Rajaharia. The 2GB database has also information on whether users have activated mobile alerts. It also has PAN card details of 5 lakh cardholders. However, the card numbers are not available. The leak has probably happened from a third-party vendor of the bank who sells credit/debit.
Trend Micro’s global survey reveals that 42% Indian workers are using personal devices to access corporate data. 57% of Indian remote workers have IoT devices connected to their home network, 12% using lesser known brands that usually have security vulnerabilities. 37% remote workers lack basic password protection on all personal devices. There’s an additional risk of infecting enterprise networks post-lockdown through devices infected at homes.
A recent database breach exposed profile data web scrapped from social media platforms including Instagram, YouTube, TikTok that affected as many as 235M users. While web scraping is not illegal, it is widely not accepted to protect users’ data. Such a massive leak could lead to phishing, scams, malware, ransomware and other serious cyberthreats. Security firm Comparitech discovered the breach and found that Hong Kong-based Social Data was responsible for it.
Findings from the 2020 Unisys Security Index from Unisys Corporation revealed that majority of Indians are willing to share their private data with govt in exchange for citizen benefits. 79% are willing to share location data with the police; so that they can be found in case of emergencies. 73% are willing to share travel habits to quickly get through airport security. Only 38% are comfortable sharing data with retailers for personalised offers.