'Totally safe and secure': IT Ministry refutes report of data breach into NIC email system

A day after a report alleging that Emails and passwords of hundreds of Union government officials exposed to hackers due to the recent data breaches of Air India, Domino’s, and Big Basket, the Ministry of Electronics and IT refuted such claims. The Ministry of Electronics and Information Technology said there has been no cyber breach into the email system of the Government of India maintained by the National Informatics Centre (NIC). Earlier it was reported that emails on government domains such as @nic.in and @gov.in are potential cyber threats as they are being used by adversaries to send malicious emails to all government users. 

'Totally safe and secure' says IT Ministry over data breach report

There has been no cyber breach into the email system of the government, maintained by the National Informatics Centre (NIC), an official release said on Sunday. The email system is 'totally safe and secure', the Ministry of Electronics and IT said while dismissing a report claiming that data breaches in organisations such as Air India, Big Basket and Domino's had exposed email accounts and passwords of NIC emails to hackers.

"In view of this, it is important to clarify that there has been no cyber breach into the email system of the Government of India maintained by the NIC. The email system is totally safe and secure," said the official release as reported by PTI. 

It further stated that cybersecurity breach on external portals may not impact the users of Government email service unless the Government users have registered on these portals using their official email address and used the same password as the one used in that email account.

"NIC Email system has put in place several security measures such as two-factor authentication and change of password in 90 days. Further, any change of password in NIC Email requires mobile OTP and if the mobile OTP is incorrect then change of password will not be possible," it said, adding that any attempt of phishing using that particular email can be mitigated by NIC.

NIC also undertakes user awareness drives from time to time and keeps updating the users about potential risks and safety protocols, the release added.

Domino's Data Breach

In May this year, Domino's India suffered a massive data breach of its customers' private details, including credit card information, which were also available for anyone to download on the dark web. Jubilant Good Work Limited then approached the Delhi High Court and sought direction from government agencies to instruct intermediaries such as telecom service providers, internet service providers, search engines to immediately remove URLs and websites hosting the hacked details. Jubilant Good work Limited is the company that operates the Domino's Pizza chain in India. 

Air India Data Breach

A cybersecurity attack on Air India's data processor back in February this year led to a data compromise of nearly 4,500,000 individuals, the airline informed in May this year. The security breach of Air India's SITA PSS data processor, which stores and processes the personal information of passengers, had affected personal data registered between August 2011 and February 2021 (10 years). Details such as name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (except for passwords), and data of credit cards of several passengers were said to be compromised by the cyber attack. However, Air India had maintained that CVV/CVC numbers of passengers have not been compromised as that is not stored by the airline's data processor. 

(Image Credits: PTI/Unsplash)