The Delhi High Court has sought the Central government’s stand on a plea concerning the alleged cyber security breaches and data leaks on the online platforms of BigBasket, Domino’s, MobiKwik and Air India. Justice Rekha Palli granted time to the counsel for the Centre to seek instructions and listed the petition by Yarlagadda Kiran Chandra, General Secretary of Free Software Movement of India, which claims to be a national coalition of various regional and sectoral free software movements, for hearing on September 23.
Learned counsel for the respondents, who appears on advance notice, prays for time to obtain instructions. List on September 23, 2021, the judge said in the August 13 order. In his petition, Chandra has prayed for a direction to Computer Emergency Respondent Team -India (CERT-In) to act on his representation and commence investigation and review the alleged data breaches. The petitioner has said that he wrote to the CERT-In on several occasions on the breaches of data of millions of users of Big Basket, Mobikwik, Domino’s and Air India platforms, urging it to investigate and update the citizens, but no action was taken.
Also read: Analysts air concerns over weak vitals of Vodafone Idea post Q1 results, say relief measures critical
He said that under Section 70B of the Information Technology Act, 2000, CERT-In is responsible for collecting and analysing information on cyber incidents and take emergency measures for handling cyber security incidents etc. The petition said that presently, since there is no law governing data protection in India and the aggrieved users do not have any legislative recourse against such breaches, an investigation by CERT-In on frequent data breaches at mass level is important to safeguard the privacy of users.
The data breaches at MobiKwik, BigBasket, Air India and Domino’s have leaked sensitive personal information of millions of users including their addresses, phone numbers, passport information, credit-debit card details, hashed passwords, bank accounts, KYC details. These breaches seriously impact the privacy of the users including their financial details and personal addresses, the petition reads.