DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

India: Rising Cybercrime Frontier

Posted on April 18, 2019 by Dissent

For the past year or more, I’ve been receiving numerous  tips and notifications  from trusted researchers about leaks and breaches involving entities in India.  While some of the incidents involve alleged miscreants, other incidents involve human error or misconfiguration situations.  But as many of us have experienced and reported, when it comes to data protection in India, it is often close to impossible to: (1) get entities in India to secure personal information and (2) notify them when their failures have been found by researchers (cf, this post). And then, as Brian Krebs has sadly noted, even when you do reach firms to notify them, they do not always respond appropriately.

Today, Gemini Advisory is releasing a new report their findings with respect to payment card data breaches in India. Of note, Stas Alforov and Christopher Thomas report that Gemini found more than 3.2 million Indian payment card records were compromised and posted for sale in 2018, which elevated India to third in the world in the total amount of stolen payment cards.

This was no small uptick, either.  Gemini reports that they identified a 219% spike in Indian payment cards added that year due to a significant rise in stolen Card Not Present (CNP) and Card Present (CP) data.

Of special note, the increasing demand was supported by a 150% surge in the sale price of card data, from a median price of $6.90 USD (approx. 478.02 Indian Rupees) in 2017 to $17 USD (approx. 1,177.73 Indian Rupees) in 2018.

Based on their data and analyses:

Gemini Advisory assesses with high confidence that fraud levels in India, particularly CNP fraud, will likely surpass those of the United Kingdom in 2019, making Indian-issued payment cards the second-most targeted cards in the world.

You can read their full report at https://geminiadvisory.io/india-rising-cybercrime-frontier/

Given how many U.S. firms outsource to India, Gemini’s report serves as a timely reminder that companies need to pay heightened attention to the data security deployed by their third-party providers or vendors. This also applies to the healthcare sector as payment card data, if linked to a patient’s name, are considered identifiers under HIPAA.

 


Related:

  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Hungarian police arrest suspect in cyberattacks on independent media
  • Two more entities have folded after ransomware attacks
  • British institutions to be banned from paying ransoms to Russian hackers
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
Category: Breach IncidentsCommentaries and AnalysesNon-U.S.

Post navigation

← SEC Issues Privacy and Data Security Risk Alert
Over 100 Million JustDial Users’ Personal Data Found Exposed On the Internet →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • BlackSuit ransomware site seized as part of Operation Checkmate
  • The day after XSS.is forum was seized, it struggles to come back online — but is it really them?
  • U.S. nuclear and health agencies hit in Microsoft SharePoint breach
  • Russia suspected of hacking Dutch prosecution service systems
  • Korea imposes 343 million won penalty on HAESUNG DS for data breach of 70,000 shareholders
  • Paying cyberattackers is wrong, right? Should Taos County’s incident be an exception? (1)
  • HHS OCR Settles HIPAA Ransomware Investigation with Syracuse ASC for $250k plus corrective action plan
  • IVF provider Genea notifies patients about the cyberattack earlier this year.
  • Key figure behind major Russian-speaking cybercrime forum targeted in Ukraine
  • Clorox Files $380M Suit Alleging Cognizant Gave Hackers Passwords in Catastrophic 2023 Cyberattack

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure
  • Idaho agrees not to prosecute doctors for out-of-state abortion referrals
  • As companies race to add AI, terms of service changes are going to freak a lot of people out. Think twice before granting consent!
  • Uganda orders Google to register as a data-controller within 30 days after landmark privacy ruling

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.