The Delhi High Court has asked the Centre to respond to a petition highlighting the inaction of the Computer Emergency Response Team (CERT-In) over reports of alleged cyber security breaches and data leaks on online platforms such as BigBasket, Domino’s, MobiKwik and Air India.
Justice Rekha Palli granted time to the Centre’s counsel to seek instructions on the issue while posting the case for hearing on September 23.
The petition filed by Yarlagadda Kiran Chandra, general secretary of the Free Software Movement of India, said that despite numerous representations to CERT-In to investigate the alleged data breaches nothing had been done so far.
CERT-In is the nodal agency operational since 2004 for responding to computer security incidents as and when they occur.
The petition stated that there was no law governing data protection in India currently. “Thereby, the aggrieved users do not have any legislative recourse against such breaches. Therefore, an investigation by CERT-In on frequent data breaches at mass level becomes important to safeguard the privacy of users,” it said.
The petition relied on newspaper reports of breach of around 20 million Big Basket users’ data which are now available for sale on the dark web. It added that there were reports of breach of around 100 million Mobikwik users’ data and 3.5 million KYC data which are also available for sale on dark web.
“Mobikwik being a digital wallet makes individuals prone to cyber security attacks focused on their finances. The leak contains a database portion of phone numbers, emails, hashed passwords, addresses, bank accounts and card numbers and other KYC details etc.,” the plea said.
Mr. Chandra also highlighted that there were reports of around 180 million order details and one million credit card details of Domino’s users being breached. “Domino’s is a popular food chain in India. The leak contains a database portion of customer names, email addresses, phone numbers, delivery address and payment details,” he said.
“It has been widely reported that in a breach at Air India, data of approximately 4.5 million global passengers was leaked. The leaked information includes passenger’s name, date of birth, contact information, passport information, ticket information, and credit card information,” the plea said.
Published - August 16, 2021 04:58 pm IST
