The Central Government holds the personal data of nearly 140 crore Indians. Incidents of breach into this data are increasing every day. The government's IT Ministry itself has admitted in Parliament that 165 incidents of data attacks have come to light in the last 70 months. These incidents have been registered by the Ministry's Computer Emergency Response Team. However, the ministry has denied that any of the data was publically leaked despite the breach. It says that the data is completely safe with the Central Identity Data Repository (CIDR). Attacks on it have been foiled many times. Infiltration attempts were made a few times through cyberattacks, but the data could not be leaked.
However, private data breaches are spreading like an epidemic. The report of Digital Security Council shows that every hour more than 45 thousand 600 malware attacks are happening on Android phones. In 2022, nearly 71% of mobile devices worldwide used the Android operating system. In 2023, a significant rise in Adware and Potentially Unwanted Applications (PUAs) Malware was noticed in Android phones. Based on the analysis of 500K installations, it was observed that approximately 2-3 attacks per month are detected per Android smartphone.
Another common way that malware infects a smartphone is through fake applications disguised as legitimate ones. For example, in a recent alert, the Indian Railway Catering and Tourism Corporation (IRCTC) cautioned users about a malicious Android app, irctcconnect.apk, that circulated on messaging platforms like WhatsApp and Telegram. The fraudulent app, masquerading as an official IRCTC app, posed a serious risk to users by functioning as spyware. The phishing links, distributed widely, impersonated IRCTC officials to trick users into revealing sensitive net banking credentials, including UPI details and credit/debit card information.
Antivirus programs have the capability to identify and detect malicious applications, specifically those that share similarities with "Android.SpyNote.GEN."
It was observed that whenever events or incidents of national and international importance take place in the country, cyberattacks increase. During the G-20 event held in August-September this year, about 30 lakh cyberattacks were recorded. Apart from this, there were a total of 3 crore attacks in August, whereas in September this figure went up by 30 lakh.
Regarding data security in the Cowin app created to administer the Corona vaccine, the government claims that many steps have been taken to protect it such as:
- Beneficiaries can get information about their vaccination through registered number only through OTP.
- Mobile number, Aadhaar number and other photo ID card numbers have been hidden. Only four of these digits are visible.
- Citizens' CoWin data has been made completely confidential through encryption algorithms.
- Users can open their CoWin account only through the dual system of password and OTP.