CERT-In law impact on data breaches: India is the 6th most breached country worldwide

CERT-In law impact on data breaches: India is the 6th most breached country worldwide
The latest study by cybersecurity company Surfshark ranks India as the 6th most breached country since the first recorded digital attacks in 2004. Meanwhile, the newly-introduced CERT-In law orders to store and hand-over larger amounts of customers’ personal data upon request. As the scale of data collection widens, so does the risk for it to be leaked from databases. In a country which has lost over 962.7M peoples’ contact details to data breaches over the past 18 years and lacks strong data protection laws, this poses serious cybersecurity concerns.
Surfshark's data shows that since 2004, the year data breaches became widespread, 14.9B accounts have been leaked and a striking 254.9M of them belong to users from India.  To put in perspective, 18 out of every 100 Indians had their personal contact details breached. The situation is extremely worrying in terms of lost data points, considering that per every 10 leaked accounts in India, half are stolen together with a password.
Lack of privacy legislation puts India’s users' data in danger of being sold, reused, or exploited in offenses. India is the fastest-growing economy globally, and the IT industry accounted for 8% of India's GDP in 2020. While the country’s tech industry proves to be affluent, protection of personal digital data falls short when compared with international standards. Authoritative news sources suggest that current legal acts are outdated and require revamping, and digital privacy continues to weaken with newly introduced bills.
Over the last decade, the Indian government has introduced a panoply of digital-surveillance measures. On April 28, it directed a number of companies to collect and store users' data — names, addresses, contact numbers, email, and IP addresses — for up to five years and hand over this information if requested. 
“Taking such radical action that highly impacts the privacy of millions of people living in India will most likely be counterproductive and strongly damage the sector’s growth in the country,” — comments Gytis Malinauskas, Head of Legal at Surfshark, in response to the newly-introduced India's VPN law. “Ultimately, collecting excessive amounts of data within Indian jurisdiction without robust protection mechanisms could lead to even more breaches nationwide.”
Global breaches are rising again. In 2022'Q1, 304 accounts were being breached every minute. In the present quarter (2022'Q2), however, breach rates are 6.7% higher. As of June 1st 2022, only two months into the quarter, India’s breach rate is 740% higher than in 2022’Q1, rising from 5 to 42 breached accounts per minute.
Additionally, Indian internet users are also increasingly targeted by cybercriminals. In 2021, the CERT-In team handled over 1.4M incidents involving phishing attacks, probing, viruses, malware, and others, and showed 21% increase compared to 2020 even if many remain unreported. Most of these internet crimes tend to be made possible by illegally acquiring user data, such as names, emails, passwords, and IPs, which increasingly appear online due to data breaches or leaks. 
Surfshark's data shows that Indians lose 3.8 data points per every breached account, while the global average is only 2.3. Some of the reasons for this could be user habits or extensive data collection practices of Indian online services and applications.
The Data Breach World Map was developed in partnership with independent cybersecurity researchers, who collected loads of user data from breached databases that appeared online. This allowed them to sort through 27,000 leaked databases and create 5 billion combinations of data. Researchers could then sort those combinations based on specific data points, such as countries, and perform a statistical analysis of their findings. Users’ locations were identified by email or website domain name, country, city, coordinates, IP address, locale, currency or phone number.
For timeline accuracy, our independent partners record the actual time of the breach instead of when it becomes public. Therefore, the numbers in the past can change as new cases are reported. The Data Breach World Map is updated every month with the most recent data from our independent partners. At the time of this particular study, the data analyzed was from June 1st, 2022.
Source: Press Release