No cyber breach into NIC email system, clarifies govt
The government dismissed the report and said NIC email system has various security measures like two-factor authentication and change of password in 90 days.
The government on Sunday rejected reports that data breaches in organisations like Air India, Big Basket and Domino's have exposed the email accounts and passwords of National Informatics Centre (NIC) emails to the hackers.
"There has been no cyber breach into the email system of the Government of India maintained by the National Informatics Centre (NIC). The email system is totally safe and secure," the government clarified.
Also read: Data of millions on CoWIN portal safe, assures govt, denies reports of ‘hacking’
In response to the media report, the Union ministry for electronics and IT said cybersecurity breach on external portals may not impact the users of government email services, unless the government users have registered in the portals using their government email address and have used the same password as the once used in the official government email account.
On Saturday, a report claimed to have accessed internal communication and said, "Compromised emails on government domains such as @nic.in and @gov.in are potential cyber threats as they are being used by “adversaries” to send malicious mails to all government users."
Several government officials, including defence ministry officials, were sent a malicious link through WhatsApp and SMS, asking them to update their Covid-19 vaccination status. The message asked the officials to click on https://covid19india.in for digital certificate of vaccination. The link would redirect them to a page with the government domain "@gov.in", which resembled the official website mygov.in, and asked for their emails and passwords, as per the report.
Dismissing the report, the government said NIC email system has various security measures like two-factor authentication and change of password in 90 days. Any change of password in NIC email requires mobile OTP and if the OTP entered is incorrect, the password could not be changed. The ministry also said NIC email is capable of mitigating any attempt of phishing using NIC email.
Also read: Domino’s Pizza says financial info safe, as data of 180 million users breached
"NIC also undertakes user awareness drives from time to time and keeps updating the users about potential risks and safety protocols," the ministry said.
In the last week of February, a highly sophisticated cyberattack targeted Air India that affected around 45 lakh "data subjects" in the world. Incidentally, government officials frequently choose Air India for their air travel.
In April, personal data of over 2 crore customers of Big Basket was put up for sale on the dark web.
In May, data of 18 crore orders of Domino's India became public and hackers created a search engine on the dark web. The data leak included name, phone number, email and GPS location.
