Data Breach

Download as pdf or txt
Download as pdf or txt
You are on page 1of 17

DATA BREACH

What is a DATA BREACH?


A data breach is the release of confidential, private, or otherwise
sensitive information into an unsecured environment. A data breach
can occur accidentally, or as the result of a deliberate attack.

Ransomeware Malware

Phishing Identity theft


covid scenario
There has been significant increase in data breaches and attacks during
covid because of the widespread shift to remote work during the
pandemic, organizations had to quickly adapt their systems and
processes to support remote collaboration. This rapid transition
sometimes led to security gaps and vulnerabilities in remote access
systems, making them more susceptible to exploitation by
cybercriminals.
Zivame data breach 2023
In the month of May in 2023, Zivame a top lingerie online brand of India
was exposed to a serious data breach. This led to serious data exposure of
around 15 lakh women.

The data included the intimate order information, physical address , email
address and phone number.

Let’s delve deeper into this case!


What exactly happened?

In April, Zivame received an e mail on


security@zivame.com, from the email
shadowhacker3@proton.me

Out of 9.5 million customers, 1.5


million customer’s data had been
exposed
On 16th May, an account on
Twitter( now X) by the
username @Cyberhuntss acted
as a whistleblower by posting
the alleged “data leak” by
Zivame.
More to the story...
He added that Zivame was selling data of “Hindu girls” to Muslim nations
and thus he took this on his account in a way of exposing the brand.This
communal angle outraged the nation and his claim was disagreed by a lot
of people.
It later turned out that Cyberhuntss aka Sanjay Soni from Udaipur was
the culprit, he committed the crime in order to extort money from
Zivame. He asked for USD 1500 in lieu for the data.
Cyber extortion

Cyber Ddos
blackmail attacks DOXING
Money extortion & blackmail

Zivame was falsely accused of selling data on Twitter by Sanjay in order to get
financial gains. He tried to blackmail and falsely taint the image of the brand.
It was even found that data of some Zivame customers was sold to a Telegram
channel and a site called Controlc.com

From here, another account named @cyberdaku comes into picture. He was the
main person behind this unsolicited attack. He exorted 1500 USD out of which
1000USD were deposited in Sanjay’s bank account.
Consequences of cyber extortion

01 02 03 04

LOSS OF LOSS OF
FINANCIAL DATA LOSS CUSTOMER’S
REPUTATION
LOSS TRUST
How did Zivame respond?

Zivame filed a report to the National Commission for Women


against this data breach.

They also stated that this may lead to their tainted reputation.
Zivame revised their security policy in August
2023.
According to the Cost of data breach 2022 report, stolen or
compromised credentials are the most common initial attack
vector, accounting for 19% of data breaches. Hackers may steal
or compromise credentials by using brute force attacks, buying
stolen credentials off the dark web, or tricking employees into
revealing credentials through social engineering attacks.
The law
Soni was charged under section 66 (computer related offences) of the
Information and Technology Act, 2008, which pertains to data breach and
under IPC section 295-A(deliberate and malicious intention of outraging
the religious feelings of a community) and 153-A(Promoting enmity
between different groups on ground of religion, race, place of birth,
residence, language, etc).
How could Zivame protect themselves?

Restrict Access Up to date software

Improve security Destroy before disposal

Employee training

Audit reevaluate
CONCLUSION
As a customer, always input your data with full trust in the site. Never
forget to check the certificate of the site which you are surfing. Our
security lies in our own hands and thus we take precautionary measures
in form of anti virus softwares, not opening random links etc.
Thank
You

You might also like