e-Commerce firm held Personal data of 700 million people; need for Personal Data Protection Law
Cyberabad Police of Telangana State has busted a data theft gang who has been involved in the theft, procurement, holding, and selling of personal and confidential data of 66.9 crore individuals and organizations across 24 states and 8 metropolitan cities.
The accused was found to possess data from various sources, including Byjus, Vedantu, cab users, GST, RTO, Amazon, Netflix, Paytm, Phonepe etc. He was operating through a website called ‘InspireWebz’ based in Faridabad, Haryana, and was selling the database to clients
The accused had been holding data from 135 categories containing sensitive information of government, private organizations, and individuals, and the police seized two mobile phones, two laptops, and the data during the arrest.
Data theft of such big scale is unlikely to be handywork of few individuals. It is likely the data from different organisations were illegally sourced and aggregated by a network and placed in the grey market for sale. Usually, sales and marketing teams of businesses and corporates use the personal data tele calling and sales.
Police has suggested technologies for data security.: Data security is of utmost importance as attackers constantly search for vulnerabilities to infiltrate corporate networks. To ensure proper protection of data, it is crucial to follow these technologies.
For ensuring security of personal data, Government had brought in Personal Data Protection Bill in 2019. However, the bill was criticised and subsequently withdrawn in 2022. As of now, there is no effective personal data protection law.