Data Breach – Dark Web
The heavily used Indian Government website called IRCTC Where all you have been booking our railways tickets, that got leaked not once but twice according to reports where at least data of one million peoples was accessed and sold out on the dark web. It includes your details like Name, email id, date of birth and everything which we give for booking. When we look at these cases it is not just, there are several others which we don’t even know.
How does a data leak?
A Data Leak or breach can occur in many different ways but the most prevailing matter is by hacking into an unsecured-server, hackers look for insecure codes of the website and use techniques like SQL injection, where the malicious code is added to the database. The malicious code can be used to dump the database which stores all the information to a local file in case your database is not encrypted. It will be virtual to track all personal information from it. There are several other methods like Brute – Force attack, this method uses software tools to gain access to administrator password once the hacker is in, then they can have access to the entire website and user data.
Now yet another surprising way the data breaches occur, simply through fishing or social engineering, when hackers create a webpage that looks exactly like one he/she is trying to hack, can hack by using social engineering tricks. The hacker may trick a user into login and gain access to the admin password. There are many such antithetic ways like it.
If our data is on the dark web what happens?
Data privacy is classified in different forms. When a Personally Identity Information like Name email id and mobile number has been leaked and after quondam another data leak, where there is some other information with that email ID links. Then the person will eventually be getting all of the information linked together. There are profilers, state-sponsored agents; they all buy this data and they sell it to marketing companies. Many players use this information to create their marketing strategies, to manipulate people’s mindset, to push them some content which eventually triggers them to buy something or trigger them to decide something. The decision making power of the people can be influenced through this data for which they need more and more about individuals personalised information.
In the New Personal Data Protection Bill, which is coming in, there will be a provision of penalty, if any website whose data gets leaked whether it was a breach or intentional leakage of data for a third-party marketing company or it was an insider job, where the data breaches by the theft, these companies will be held accountable and they will be penalised. Presently Indian Information Technology Act is very clear if a company handling with personal sensitive data of Individual and negligence of breach take place and as a result, Somebody gets affected then the affected party can sue for unlimited damages by way of compensation under section 43A of the information technology
act, 2000. And if normal kind of data which is not sensitive personal data affected party can be used up to 5crore rupees.
Author: Govind Pareek,
New Law College, 2nd year, Law student