Mumbai: Apart from the other numerous threats lurking on the internet, the one abiding fear we have is that of ‘data breach’. One is always hearing of data breach episodes. Every user is vulnerable to this peril as our data is in the hands of third party applications. Data protection is the foremost responsibility of the organisation collecting the data, but there are ways in which the user can limit this threat. Recently the news of Truecaller’s data being compromised made headlines across the world and became worrisome for its users.
According to reports, the personal information of Truecaller users, like their phone numbers and email addresses, were available on the dark web. Information on the users of the app was available for approximatley Rs 20 lakh while the personal data of Indian users was available for Rs 1.5 lakh. But the company has denied that was compromised. Truecaller has an estimated user base of 140 million. Is data breach that dangerous? Cybersecurity expert Ritesh Bhatia explains, “Data breach is a security incident in which personal data or sensitive personal data is exposed or accessed without authorization.
“Data breaches not only result in cybercrimes such as identity theft and impersonation but also severely affects the reputation of the service provider or the organisation from where the data has been breached,” he explained. While apps are being installed, the user is asked for different types of permissions, some of which are not even related to the app but unless one clicks ‘allow’, the app cannot be installed, which leaves users with no choice.
There are ways in which a user can limit the access of a particular app. While data protection is the foremost responsibility of the organisation collecting the data, users too need to limit the amount of data they provide to the platforms — for instance, a user need not fill in all the fields asked for in a form. In case of apps, one must only give those permissions that are required for the functioning of the app. In the case of apps, in which the user is forced to give permissions, the user can revoke these permissions after installation or updates. “While dealing with app permissions and storing confidential data in the phone, the user must be extra-cautious” says Bhatia. There are certain steps every user should follow, says Bhatia. “Work-related emails and personal emails should be kept separate. One must have two email accounts and never store sensitive information such as ATM pins, passwords, on one’s phone” cautions Bhatia.