This article was last updated 3 years ago

India

In the modern era where everything is digitized and the concept of privacy diminishes by the day, data breaches are becoming a matter of grave concern. Recently behemoths like LinkedIn, Bizongo, Upstox, BigBasket, and others have fallen prey to such data breaches, showing that not even the biggest corporations in the world are safe from the threat of hackers. The latest victim was said to be the Indian government’s email system which is maintained by the National Informatics Centre (NIC) after a report emerged claiming that the emails and passwords of hundreds of Union government officials had been exposed to hackers. On Sunday, the Ministry of Electronics and Information Technology (MeitY) reached out and refuted such claims, saying that there had been no such data breach and said that the email system was “totally safe and secure.”

The report that claimed that data breaches in organizations like Domino’s, Air India, and BigBasket compromised email addresses and passwords was wrong, the Ministry claimed. It clarified this in a press release, noting that unless the users registered on the external portals using their official email address and used the same password as the one used in that email account, the breach on the portal would not affect the government’s email system.

“A media story on the impact of data breaches in organizations such as Air India, Big Basket and Domino’s has claimed that these breaches have exposed email accounts and passwords of NIC emails to the hackers,” the release said. “In view of this, it is important to clarify that firstly, there has been no cyber breach into the email system of the government maintained by the National Informatics Centre (NIC). The email system is totally safe and secure,” it added.

The government dismissed the report, saying that the NIC email system had put in place several security measures such as two-factor authentication and change of password in 90 days. Additionally, any change of password in NIC Email would require mobile OTP, and if the mobile OTP is incorrect then the change of password would not be possible. The NIC would also mitigate any attempt of phishing using that particular email, and it undertakes user awareness drives at regular intervals, keeping them updated about potential risks and safety protocols.