After reports stated that data breaches in organisations such as Air India, Big Basket and Domino’s have exposed email accounts and passwords of NIC emails to the hackers. The Ministry of Electronics & IT rejected this claim.
The ministry stated, “In view of this it is important to clarify that firstly, there has been no cyber breach into the email system of the Government of India maintained by the National Informatics Centre (NIC). The email system is totally safe and secure.”
According to a report by The Hindu, the internal communication for government officials stated that the compromised emails on government domains such as @nic.in and @gov.in are potential cyber threats as they are being used by ‘adversaries' to send malicious mails to all government users.
The government countered the news report stating cyber security breach on external portals may not impact the users of government email service, unless the government users have registered on these portals using their government email address and have used the same password as the one used in the government email account. The news report claimed that government officials might have shared their official email id and password thinking it is an official government ID when actually it is fake.
The ministry stated the NIC Email system has put in place several security measures such as two factor authentication and change of password in 90 days. “Further, any change of password in NIC Email requires mobile OTP and if the mobile OTP is incorrect then change of password will not be possible. Any attempt of phishing using NIC Email can be mitigated by NIC. NIC also undertakes user awareness drives from time to time and keeps updating the users about potential risks and safety protocols.”
On May 21, national carrier Air India informed its customers about the data breach that took place in the last week of February 2021. The first announcement of the breach was made on March 19, 2021 on its website. The carrier shared more details on the leak of 45 lakh data subjects or individuals with its customers.
On May 26, Domino’s India’s data was hacked which affected anyone who ordered from Dominos India over the phone using their phone number or email address.
In April 2021, the reports suggested that around 2 crore customers' personal details like names, hashed passwords, phone numbers etc were leaked from online grocery delivery platform BigBasket’s database. However, the company claimed this leak took place in November 2020 which has resurfaced and that breach was fixed.
