Data Protection 2021

Plan C is an endeavor of the contributors at My Lawrd to track recent developments in the Indian techno legal space. During many of our research projects, we felt an urge to consolidate recent developments for convenience, reliability, and efficiency. Although the so aggregated information was initially thought to be used within our organization, our kind contributors, who also happen to be passionate about the technology law community, decided to share this information with you folks! So here’s what’s happening in Data Protection in 2021. Happy reading & researching!

We also maintain trackers for Privacy & Surveillance, Fintech, and Technology Regulations. Feel free to tip us with important information in these domains. Also, we would love to know what you think about our trackers. Get in touch!

#1

Date: 01.01.2021

‘Indigo Airlines discloses a breach to its data servers in December, 2020’

The company (InterGlobe Aviation Ltd.) suggested that some data was compromised and anticipates sharing of internal documents on public websites and platforms. The extent of the data breach is yet to be ascertained. The company has also not disclosed the breach to its customers yet.

Source: https://www.bloombergquint.com/business/indigo-says-some-data-may-be-compromised-in-server-breach

#2

Date : 04.01.2021 

“Sensitive Data of over 10 crore debit and credit card holders leaked after attack on Juspay’s servers.”

This is looking like biggest data leak in India’s history. Sensitive information of 100 million credit and debit card holders has been leaked on Dark Web due to fault in server. The data that was leaked on the dark web included names, contact numbers, email addresses and last four digits of their card number. Cyber security researcher who had discovered this data leak said that the leaked data was available on dark web for sale for an undisclosed amount and it was selling with the name of Juspay. This data leak contained information related to debit and credit card transactions between March 2017 to August 2020.  

Source:  https://inc42.com/buzz/india-data-leak-cardholders-leaked-from-juspay/

#3

Date: 06.01.2021 

“The CoWin app will use Aadhar for authentication and Tracking purposes.”

The CoWin app, short for COVID Vaccine Intelligence Network will use Aadhar based authentication system for the rollout of Covid 19 vaccines. This will also allow for the creation of Unique digital Heath ID for those being vaccinated. With the use of this app Vaccines will be tracked from when the manufacturer transports them to Primary vaccine stores, then to state vaccine stores and so on. In the initial rollout, vaccine will be available only to frontline workers and health workers, their data will be taken from a Bulk Database that has already been stored into the CoWin system.  CoWin system will also send SMS in 12 languages to guide beneficiaries. It’ll have a chatbot for general assistance as well. This app is not yet available on Play store nor on App store, it is still under development.  

Source: https://www.medianama.com/2021/01/223-cowin-management-system-to-use-aadhaar-authentication/ 

#4

Date: 06.01.2020 

Swatting attacks are targeting residents with smart devices with camera and Voice recognition smart devices”

Swatting is a term used to describe a hoax call to emergency authorities and reporting of fake threat to human life to draw a response from S.W.A.T. team to a specific location. This has resulted in so much confusion for law enforcement authorities because they have to pull out the resources from valid emergency situations to reach a specific location which turns out to be fake. The FBI is warning users of smart phone and smart home devices to use two factor authentication and use of complex password in order to have an extra protection from these swatting attacks. Swatting may be motivated by revenge, a prank but it is a very serious crime and its repercussions are very harmful.  

Source: https://www.ic3.gov/Media/Y2020/PSA201229  

#5

Date:  07.01.2021 

“WhatsApp will delete your account if you don’t agree to the updated Privacy Policy.”

WhatsApp has updated its terms of service and privacy policy and given users till 8th February, 2021 to accept it or their accounts will be deleted from the platform. New update mentions more information about WhatsApp service and how it processes user data. New policy provided extensive detail on how WhatsApp shares information with its parent company Facebook. WhatsApp made it clear that it is sharing information with Third party service providers and other Facebook companies in this capacity. It also mentions that if you don’t agree to the updated policies and your account is deleted it does not mean that all your information which you shared previously in various groups is also deleted, some of it might be stored for a longer time.  

Source:  https://thehackernews.com/2021/01/whatsapp-will-delete-your-account-if.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29&_m=3n.009a.2392.ol0ao0chfl.1iby 

#6

Date: 12.01.2021

“Google Search Leads to Private WhatsApp Chats”

Links to private WhatsApp chats were made available through a simple Google Search. Security researcher Rajshekhar Rajaharia exposed this on Twitter. The links indexed in the search allowed access to WhatsApp groups immediately, without prior approval. It also allows access to phone numbers and profile photos. 

Source: https://www.medianama.com/2021/01/223-whatsapp-group-links-exposed/

#7

Date:14.01.2021

“WhatsApp privacy policy challenged in Delhi High Court”

 A petition has been filed before the Delhi High Court challenging the new privacy policy of WhatsApp, contending that it violates the right to privacy and poses a threat to national security.  The petitioner urged the court to issue an injunction order, restraining WhatsApp from enforcing the updated privacy policy. It also sought a direction upon the Central Government to exercise its powers under the IT Act and ensure that WhatsApp does not share any of its users’ data with any third party for any purpose whatsoever. Since India is a signatory to the International Covenant on Civil and Political Rights (ICCPR), the petitioner alleged data sharing with third-parties would be incompatible with its stipulations on authorized and limited usage of data.  The petitioner also pointed out that the same policy is not applicable in the European Region, owing to the data protection law (GDPR) in place there. 

Source: https://www.livelaw.in/top-stories/whatsapp-privacy-policy-delhi-high-court-fundamental-right-to-privacy-168410 

#8

Date: 15.01.2021

“Indian government has made the second highest information requests according to Twitter’s new transparency report”

India sent up to 21% of all requests and 25% of specific global account requests. India also made 18% of the preservation requests; preservation requests are those that are made in response to governments or other law enforcement agencies where Twitter temporarily preserves information of an account involved in an investigation.  India is one of the five countries (others being Japan, Russia, South Korea and Turkey) from where 96% of the legal demands come from. India also had the highest number of requests related to media and journalists having made 149 requests. Two tweets were withheld in India under Section 69A of the IT Act.  

Source: https://www.medianama.com/2021/01/223-twitter-govt-information-requests-highest/ 

#9

Date: 20/12/2020 

‘Cyber-attack increased against Indian Organizations amidst Pandemic’ 

India reported an increase in cyber-attacks during the third quarter of the current year. It was ranked second after the US among the top 5 countries most affected by ransomware attacks. This largely came after the fallout of COVID-19 forcing employees to work from home. In a rush to enable remote access, Companies allowed connectivity from home personal computers that often-lacked basic cyber-hygiene. Hackers often used multiple tactics to disguise malicious links and avoid detection by URL protection solutions. Moreover, only 30% of the BEC (Business Email Compromise) attacks included a link, the lack of a URL makes it even harder to detect the attack. Similarly, ransomware attacks also increased between the second and third quarters, India saw a 39.2% increase in the number of ransomware attacks. The top industries affected by ransomware were manufacturing, government, military, finance and banking, software vendors, and healthcare.  Maze and Ryuk were the top ransomware types in Q3 wherein Ryuk ransomware was attacking 20 organizations a week. 

Sources : RBI, Cyber Pulse Vol. 5 edition 1 
 

Found this article useful? Share with friends!

3 thoughts on “Data Protection 2021

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

×

Hello!

Select one of our representatives below to chat on WhatsApp or send us an email at [email protected]

× Need legal help?