The IT Minister of State Sanjay Dhotre denied that the user data stored with the BHIM app had been breached. In June, VpnMentor had claimed that over 7 million records of BHIM UPI app users had been breached and the compromised information included scans of Aadhaar cards, caste certificates, proofs of residence, PAN cards, etc.

Dhotre’s response in Lok Sabha was in response to a question raised by BJP MPs Tejasvi Surya and Prathap Simha on Wednesday.

37 govt websites have been hacked in 2020 so far

Dhotre also revealed that 54 government websites — both central and state — had been hacked in 2019. 37 such websites had been hacked in 2020 (until August). Between January and August 2020, 14 instances of insecure data hosting of government website-based services were also reported.

In July 2020, the Department of Telecommunications had reminded all government websites and portals that come within the ambit of the Department of Telecommunications — which includes websites run by NIC, all websites run by agencies and units within the DoT including MTNL, BSNL, TCIL, ITI Limited and BBNL — to submit a valid security audit certificate for their website. The original deadline was October 31, 2019 but even more than eight months after the deadline had passed, “the requisite information [was] still awaited”. The memo was issued in 2019 after data was exfiltrated from one of the web portals of the Department that did not have a valid security audit certificate.

Phishing incidents, e-commerce frauds, financial frauds in numbers

Between January 2018 and August 2020, 12 financial fraud incidents that affected ATMs, cards, point-of-sale systems and Unified Payment Interface (UPI) were reported. 6 of these frauds were reported in 2018, 4 in 2019 and 2 in 2020 (until August). In the same time period, the Indian Computer Emergency Response Team (CERT-In) tracked or received complaints about 1,120 phishing incidents, the IT Minister of State Sanjay Dhotre revealed in Lok Sabha on Wednesday.

This information was given in response to a question by BJP MP Sumedhanand Saraswati. Phishing is the fraudulent practice of inducing victims to reveal personal information such as passwords and credit card details via emails masqueraded as emails from reputed companies, government agencies, etc.

The Department for Promotion of Industry and Internal Trade (DPIIT) has received 49 complaints about frauds in online shopping “till date”, Dhotre revealed in Rajya Sabha on Thursday. BJP MP Bhagwat Karad had asked about the total number of complaints received by the government of India related to frauds in online shopping in the last five years but Dhotre did not define the time period.

Number of government websites hacked:
2019: 54
2020 (until August): 37

Number of financial frauds reported:
2018: 6
2019: 4
2020: 2

Number of phishing incidents tracked by CERT-In
2018: 454
2019: 472
2020 (until August): 194

Number of complaints received by DPIIT about frauds in online shopping: 49