On 18th July 2024, India’s biggest crypto exchange, WazirX, suspended its trading activities after a cyber-attack that drained nearly half of its reserves (close to 230 million USD worth of crypto assets). According to the platform, the breach exploited a vulnerability in the exchange’s multi-signature wallet system, compromising the security of stored funds. The hackers exploited a mismatch between the data shown on crypto custody firm Liminal’s interface and the actual transaction contents.

An increase in cybersecurity breaches has been noted during a period in which the Government of India is working to promulgate the rules for the Indian Digital Personal Data Protection Act 2023 (DPDP). The new law requires Significant Data Fiduciaries to appoint a Data Protection Officer (DPO) to assess and build a privacy programme required to demonstrate compliance. Under the DPDP, in instances of similar breaches, a DPO would play a pivotal role in responding to the incident by notifying the data protection authorities and affected data subjects and overseeing the organisation’s response to mitigate harm and prevent future breaches.

WazirX had 16 million users who buy and sell crypto such as Bitcoin, Ripple and Ethereum, among others. A cyber-attack of such a scale is one of the biggest in terms of the number of potentially affected users. As yet, it isn’t clear what financial compensation those users might receive, or indeed whether WazirX has mechanisms to reimburse the stolen funds.

Earlier in the month, alleged Chinese hackers claimed to have breached sensitive information of 375 million users of Bharti Airtel, India’s second-largest telecommunications company.

The WazirX and Airtel incidents offer critical lessons for all companies — the necessity of robust cybersecurity and privacy measures and transparent communication. Companies can leverage the expert help of DPOs, alongside advanced security protocols, regular audits, and rapid response strategies to address potential future threats.  

HewardMills, a global DPO, can assist organisations in addressing data breaches, not only to mitigate immediate risks but also to safeguard the trust of customers. Furthermore, our team of cyber and data protection experts can partner with privacy teams to adopt global security and privacy standards, action security audits and help businesses achieve compliance with data protection laws.

If you would like to discuss this topic or anything else data protection and privacy-related, please contact us at dpo@hewardmills.com.