Data breach in India second highest : Gemalto Report


Data has become one of the most valuable assets for organizations, but as with anything with value, criminals are determined to get their hands on it. Gemalto is the world leader in digital security, helping the largest and most respected brands protect their data, identities, and intellectual property. Their recent report says, Data breach incidences in India were the second highest globally on account of compromise in Aadhaar database , as per the report by Gemalto, where their product been used in Aadhar eco system.


The company states, in this fast moving mobile and digital environment, we enable companies and organizations to offer a wide range of trusted and convenient services to billions of individuals by securing financial transactions, mobile services, public and private clouds, eHealthcare systems, eGovernment services, and the Internet of Things (IoT). Gemalto acquires SafeNet, a worldwide leader in data protection and software monetization, from Vector Capital to maintain the leadership.


The core focus of the company is into Data privacy and data security is the focus for organisations, especially in light of industry compliance standards such as United States health standard (HIPAA) or payment card standard (PCI-DSS) and the EU’s General Data Protection Regulation (GDPR).


However, North America makes up the majority of all breaches and the number of compromised records, 59% and 72% respectively. United States is the most popular target for attacks accounting more than 57% of global breaches.


Their global report says,1.2 billion Aadhaar records been compromised in first half of 2018. The report further clarifies, that during the first six months of 2018, more than 25 million records were breached on a daily basis across the world, which means 291 records get compromised every second. according to Breach Level Index, a global database of public data breaches, released by Gemalto.


The Breach Level Index is a global database that tracks data breach and measures their severity based on multiple dimensions. It not only tracks publicly disclosed breaches, but also allows organizations to do their own risk assessment based on a few simple inputs that will calculate their risk score, overall breach severity level, and summarize actions IT can take to reduce the risk score. This information has been collected from public sources.


“ … all concerned should take note of it that we have not been able to track any verified data breach of Aadhar database of UIDAI.As a result, Gemalto has withdrawn this alleged data breach in India on 15th October, from the Breach Level Index. Any inconvenience caused to UIDAI is deeply regretted,” the statement said. Now the question is when Gemalto product and solution has been deployed in the technology, then who will be responsible for it. Now a question comes on the credibility of the product and solutions.


The Aadhaar number, which is a 12-digit unique identifier assigned to every Indian citizen, can be used to retrieve personal information stored by the Unique Identification Authority of India (UIDAI) on any of India’s 1.1 billion citizens including their name, address, photo, phone number and email address.


On 17th October 2018,Ministry of Electronics and Information Technology(MeitY) has issued a circular,it states on the “ Security issues in Gemalto products. It further states ,certain security issues have been discovered in existing Gemalto products. These issues need further evaluation for the potential risks pertaining to use of Gemalto products in Aadhar ecosystem.. Hence,all ecosystem partners are hereby advised to suspend the future procurement of Gemalto products like HSM, biometric devices etc. till further notice.”


The Breach Level Index revealed that a total of 945 data breaches led to 4.5 billion data records being compromised worldwide during the period. The report further clarifies that, out that six social media breaches alone accounted for over 56 percent of the records that were compromised – the largest being the Cambridge Analytica-Facebook data breach.