Cybersecurity was a buzzword for enterprises around 2020. With the onset of COVID resulting in digitalization in all sectors, attackers are actively looking for victims for the malicious cyber-attacks on sensitive data. The new digital workforce has pushed most of the industry to go online, including video conferencing. This has led to privacy issues and phishing attempts, including ransomware attacks. Since most industries are following work from home, it has become the more accessible path that cyber attackers can take advantage of. Mostly, cybercriminals prefer to target these harried, hurried, tired, and stressed employees who may make the slightest mistakes just after their work. The pandemic has forced the organization to adopt the cybersecurity service even more rapidly. Not partnering with any focused cybersecurity service provider or implementing latest cyber security solutions may result in severe losses, a slowdown in operations, loss of jobs, loss of image and threat actors in new ways. In this article, we have listed top ten cyber crimes in India during covid phase.   Domino’s Pizza Cyber Attack More than one million credit card records and 180 million pizza preferences went to the dark web in April 2021. The details of 180 million Domino’s India pizza orders were up for sale on the dark web, according to Alon Gal, CTO of cyber intelligence firm Hudson Rock. According to Gal, attackers asked for ten bitcoin (roughly $535,000 or ₹4 crores) against 13TB of data that included 1 million credit card records of customers and 180 million Dominos India pizza orders with customers names, phone numbers, and email addresses. The hacker also had details of Domino’s India’s 250 employees with their Outlook mail archives from 2015.   CAT Applicant’s Details Leaked 190,000 CAT applicants’ details were leaked on the dark web in May 2021. The cybercrime forum had shown the sale of personally identifiable information and results of 190,000 candidates for the 2020 CAT. The information had all the applicants’ details, including names, dates of birth, email IDs, mobile numbers, address information, educational details, and CAT percentile scores. The database was hacked from the CAT examination conducted on 29 November 2020.   Trading Platform Upstox Breach Report Indian trading platform Upstox customers had their passwords reset. The platform has recently acknowledged in April 2021 a breach of know-your-customer (KYC) data. KYC data can be used by hackers to commit identity theft. The trading platform had reset all customer’s passwords and took necessary precautions after receiving warning emails that held contact data and KYC details in a third-party data warehouse.   Police Exam Database Goes Up For Sale In February 2021, 500,000 Indian police persons personal informations were put on sale on the database sharing forum. The hacker had shared a sample of the data dump with the information of 10,000 exam candidates with CloudSEK. The leaked information contained full names, mobile numbers, email IDs, dates of birth, FIR records, and the candidates’ criminal history. Most of the leaked data belonged to candidates from Bihar. It is the second instance of army or police workforce data being leaked online in 2021. A similar incident had happened for army personnel in Jammu and Kashmir and was posted on the public website.   COVID-19 Test Results In January 2021, more than 1500 Indian citizens’ test results were leaked online from government websites. What was more worrying about the leaked data was that it hadn’t put it up for sale in dark web forums but was publicly accessible to Google indexing COVID-19 lab test reports.The leaked information included patients’ full names, dates of birth, testing dates, and centers on government websites.   Just Pay Data For Sale Close to 35 million user accounts were put on sale on the dark web in January 2021. The data included masked card data and card fingerprints from a server using an unrecycled access key. The cybercriminals have put the data for sale for around $5000 on the dark web.   Bigbasket User Data For Sale In October 2020, 20 million user accounts were for sale in an online cybercrime market. The database included personal information for more than 20 million uses with a price tag of 3 million rupees ($40,000). It had users’ data that comprises of names, email IDs, password hashes, PINs, mobile numbers, addresses, dates of birth, locations, and IP addresses.   Unacademy Data Breach Twenty-two million users account from Edutech startup Unacademy experienced a data breach in May 2020. The data comprises usernames, email addresses, and passwords put on sale on the dark web.   COVID-19 Vaccine SMS  The SMS carried a link that installs the malicious app on Android-based devices that “maliciously” gains entry into users device & compromised the individual’s contact list. The app also gains unnecessary permissions that allows hackers to acquire other confidential user data on the device.   Healthcare Data Leaked In February 2021, Mumbai’s high-end Breach Candy Hospital and Utkarsh Scan experienced instances of data breach. The link of breached data allowed anyone to download medical images of patients. The record included the patient’s name, their date of birth, the national ID, the name of the medical institution, their medical history, physician names, and other details.   Conclusion As the world is adjusting to new transitions without having many needed security protocols in place, cyberattacks will become more common. The biggest key takeaway from the article is to be aware and mindful of such attacks, be prepared with proper security tools, and partner with cybersecurity-focused companies to tackle unforeseen odds.   About SNS: SNS is a 20 years old company providing cybersecurity solutions to corporates since 2000. We consult, design, implement and support our customers 24×7 to help them protect their confidential data against cyber attacks.   For an unbiased consultancy from our experts , write to us at [email protected]