25 Major Cyber Attacks in India: Threats and Strategies

Oct 6, 2025

Learn about 25 major cyber attacks in India, their consequences, and effective strategies to boost cybersecurity resilience.

India has seen a sharp rise in cyberattacks over the last few years, which has turned data protection into a top security concern. According to CERT-IN, between 2021 and mid-2025, India recorded more than 2.2 million cybersecurity incidents, averaging more than 3,000 attacks per day, with financial services, healthcare, telecom, and government platforms among the hardest hit. 

Hackers focused on cloud misconfigurations, unpatched servers, and weak internal access controls. The list below tracks 25 major cyberattacks in India from 2021 to 2025, showing how they happened and what strategies can be used to prevent similar breaches.

1. Angel One AWS resource breach/potential data leakage, February 2025

Angel One, India's largest broking firm, was recently hacked. Hackers gained access to an unsecured AWS storage bucket linked to the firm, exposing the sensitive data of 7.9 million users, such as trading details, email addresses, and customer IDs. Poor cloud management left sensitive data visible on public servers. To avoid such breaches, similar companies must audit all cloud buckets, enable encryption, and always restrict public access through IAM (Identity and Access Management) rules.
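The bucket audit recommended above can be automated. The following is an added example, not code from the article or from Angel One: it checks a bucket inventory for disabled Block Public Access settings, public ACL grants, wildcard policy statements and missing encryption. The inventory record layout, the `sse_algorithm` field and the bucket names are assumptions made for illustration.

```python
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def is_wildcard(principal):
    """True for Principal "*", {"AWS": "*"} or {"AWS": [..., "*"]}."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return principal == "*" or (isinstance(principal, list) and "*" in principal)

def audit_bucket(cfg):
    """Return findings for one bucket record (hypothetical inventory format)."""
    findings = []
    bpa = cfg.get("public_access_block", {})
    off = [f for f in BPA_FLAGS if not bpa.get(f)]
    if off:
        findings.append("block public access off: " + ", ".join(off))
    # Grants to the global groups count unless public ACLs are ignored.
    if not bpa.get("IgnorePublicAcls"):
        for grant in cfg.get("acl_grants", []):
            if grant["uri"] in (ALL_USERS, AUTH_USERS):
                findings.append("public ACL grant: " + grant["permission"])
    # Unconditional Allow for a wildcard principal is public; conditional ones are skipped.
    if not bpa.get("RestrictPublicBuckets"):
        stmts = cfg.get("policy", {}).get("Statement", [])
        for s in [stmts] if isinstance(stmts, dict) else stmts:
            if (s.get("Effect") == "Allow" and is_wildcard(s.get("Principal"))
                    and not s.get("Condition")):
                findings.append("public policy statement: " + str(s.get("Action")))
    if not cfg.get("sse_algorithm"):
        findings.append("no default encryption recorded")
    return findings

# Constructed sample inventory; bucket names and contents are made up.
SAMPLE_BUCKETS = {
    "example-kyc-exports": {
        "public_access_block": {},
        "policy": {"Statement": [{"Effect": "Allow", "Principal": "*",
                                  "Action": "s3:GetObject"}]},
    },
    "example-trade-logs": {
        "public_access_block": dict.fromkeys(BPA_FLAGS, True),
        "acl_grants": [{"uri": ALL_USERS, "permission": "READ"}],
        "sse_algorithm": "aws:kms",
    },
}

if __name__ == "__main__":
    print({name: audit_bucket(cfg) for name, cfg in SAMPLE_BUCKETS.items()})
```

Policy statements that carry a `Condition` are not evaluated by this check and still need manual review.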

2. AI-generated Phishing and Infostealer Surge, 2025

In 2025, several Indian banks and fintech platforms reported a rise in AI-generated phishing scams. Attackers used realistic, AI-written emails to fool users into giving away credentials. Thousands have already fallen victim to these smarter phishing campaigns by unknowingly entering their bank credentials, leading to financial losses and identity theft.

Attackers also used voice cloning and deepfake technology to impersonate officials, which makes the deception look more convincing. Constant user training, spam filters, and AI-based email scanning tools block most phishing messages before they reach inboxes.

3. Aditya Birla Capital Digital (ABCD) App Hack, 2025

Hackers targeted a weakness in the ABCD mobile app API, revealing customers' loan and PAN details. The attackers targeted unprotected endpoints, which allowed data scraping. API vulnerabilities remain a growing concern for finance apps. However, routine code audits, secure token validation, and regular app updates can stop such data exposure.

4. Star Health Threats, May 2025

Star Health, one of India's largest health insurers, experienced a major data breach that affected 31 million policyholders. Much of the core information, including medical records, insurance details, and personal information, was exposed and even published on the dark web. This breach shows how healthcare data can be exploited for identity theft. Encrypting health records, segmenting sensitive systems, and ensuring continuous monitoring can reduce such risks.

5. Delhi Hospitals Ransomware Attack, June 2025

Delhi's Sant Parmanand and NKS Super Speciality hospitals were targeted by ransomware that locked almost all patient and billing data. Over 60,000 records were affected by this attack. The attack used phishing emails to deliver ransomware payloads. The malware spread quickly through unprotected hospital networks. 

Hospitals should isolate administrative and patient data systems, train staff to identify suspicious emails, and maintain offline data backups.

6. Kolkata Police Cyber Crime Wing Data Breach, August 2025

Weak internal passwords and a lack of access control allowed hackers to access internal police systems, where investigation details from the Cyber Wing in Kolkata were leaked. This breach exposed officer credentials and case data. The attack raised alarms about insider threats and the need for stronger law enforcement cybersecurity. 

Police and law enforcement agencies should adopt role-based access control, enforce password rotations, and enable two-factor authentication for internal systems.

7. Multiple Cyberattacks on Indian Governments, 2024

Multiple state e-governance portals were hacked in 2024, leaking citizen Aadhaar and bank details. At least 2.5 million records were compromised across several platforms. Many portals lacked basic HTTPS encryption, and attackers exploited outdated plugins and weak admin passwords.

That's why regular CMS updates, secure admin logins, and government-wide cybersecurity policies are vital for protection. Every e-governance platform must undergo quarterly vulnerability assessments and follow a national cybersecurity standard to protect public data.

8. Polycab Ransomware Attack, March 2024

Polycab India, a top cable manufacturer, suffered a ransomware attack, causing a Rs 20 crore operational loss. The breach started from an infected employee workstation and ended with hackers encrypting internal files and demanding high payments. The attack also affected the supplier and distributor network, exposing the ripple effect of industrial cyber incidents.

9. Indian Energy Sector Attack, 2024

Hackers tried to infiltrate India's power grid through malware-infected email attachments sent to energy employees. The attack aimed to disrupt the electricity supply but was quickly contained. The incident shows the exposure of operational technology systems.

Tip: Separating IT and OT networks and constantly monitoring power infrastructure can prevent major outages like this. Moreover, conducting red team simulations and regular cybersecurity drills helps reduce the chance of large-scale blackouts.

10. BSNL Data Breach, May 2024

Personal details of 2.9 million broadband subscribers were leaked from a BSNL database due to old, unpatched systems. Leaked data included phone numbers and service details. The breach came from a neglected internal server. The outdated system, left without proper monitoring, became an easy entry point. Updating infrastructure and restricting admin access can prevent similar breaches at other service providers.

11. UP Marriage Assistance Scheme Leak, 2024

The Uttar Pradesh Marriage Assistance Scheme is a welfare initiative aimed at helping low-income families. Data from the scheme's welfare portal leaked, including Aadhaar, bank details, and contact information, affecting 200,000 applicants. Shockingly, the data was found indexed on search engines. The root cause was traced to poor web server configuration and missing access restrictions. A web firewall and regular penetration testing could have prevented this from happening.

12. Airtel India Customer Database Leak (375 Million Users), June 2024

Hackers claimed to be selling a database of 375 million users, which would be nearly 25% of India's population. Airtel denied the breach, but the data was widely shared online. The leak included Aadhaar numbers and personal details. Even if false, it revealed risks from third-party data handling. Telecom companies must run vendor audits and apply zero-trust security across all databases, anonymising customer data wherever possible to reduce exposure if leaks occur.

13. WazirX Hack, July 2024

WazirX, a crypto exchange, was targeted by hackers who exploited blockchain smart contract vulnerabilities. Roughly $230 million worth of assets were at risk. This breach clearly highlights that public blockchain code, if left unaudited, can create hidden backdoors. Crypto firms must use cold wallets for storage and conduct third-party code audits before deploying smart contracts.

14. boAt India Data Breach, 2023

In 2023, an unsecured server exposed 7.5 million customer records, including names and contact information. The leak spread on Telegram and hacking forums. Weak password protection made recovery even harder. Many users later reported spam calls and targeted ads due to leaked data. Encrypting user data and applying hashed passwords are key to securing e-commerce databases.

15. Telangana Police's Hawk Eye App Data Breach, 2023

Hackers accessed the Hawk Eye mobile app, revealing user profiles and feedback reports. The app, meant for citizen safety, accidentally exposed personal data through a misconfigured API. Public-facing government apps should use token-based access, secure API gateways and regular security reviews before each software update.

16. Hyundai Motor India Data Leak, 2023

The stolen contact and vehicle details of thousands of car owners were found on the dark web. The source of the breach was traced to a third-party vendor responsible for managing the dealer's database.

Weak vendor access controls and outdated security measures worsened the exposure, and because the data appeared for sale on dark web forums, owners faced a risk of identity misuse.

17. SPARSH Data Breach, 2023

The Ministry of Defence's SPARSH portal suffered a breach, which exposed pensioner IDs and bank details. Hackers used credential stuffing techniques on weak passwords. This breach raised national security concerns as the portal handled sensitive military data. Multi-factor authentication, stronger password policies, and regular login behaviour analysis can stop similar attacks.
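The login behaviour analysis mentioned above can start with a simple rule: a single source failing against many different accounts in a short time looks like credential stuffing, while a user retrying their own password does not. The following is an added example, not code from the article or the SPARSH portal; the log format, usernames, thresholds and IP addresses (documentation ranges) are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format: time, source IP, username, result.
SAMPLE_LOG = """\
2023-06-01T09:00:01 198.51.100.20 rsharma FAIL
2023-06-01T09:00:09 198.51.100.20 rsharma FAIL
2023-06-01T09:00:20 198.51.100.20 rsharma OK
2023-06-01T09:02:00 203.0.113.7 akumar FAIL
2023-06-01T09:02:02 203.0.113.7 bsingh FAIL
2023-06-01T09:02:04 203.0.113.7 cpatel FAIL
2023-06-01T09:02:06 203.0.113.7 dnair OK
2023-06-01T09:02:08 203.0.113.7 ejoshi FAIL
2023-06-01T09:02:10 203.0.113.7 fkhan FAIL
"""

def parse(log):
    """Yield (timestamp, ip, user, result) tuples from the log text."""
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def detect_stuffing(log, window=timedelta(minutes=5), min_users=4):
    """Flag source IPs whose failed logins hit >= min_users distinct accounts
    inside one sliding window, and list any accounts that IP then logged into."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, ip, user, result in parse(log):
        (failures if result == "FAIL" else successes)[ip].append((ts, user))
    report = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({u for _, u in events[start:end + 1]}) >= min_users:
                first = events[start][0]
                report[ip] = {
                    "failed_accounts": len({u for _, u in events}),
                    "logins_to_review": sorted(
                        {u for t, u in successes.get(ip, []) if t >= first}),
                }
                break
    return report

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG))
```

Accounts listed under `logins_to_review` are the ones where a reused password may have worked, so they are the first candidates for forced resets and MFA enrolment.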

18. Sun Pharma Cyber Attack, 2023

A ransomware attack on pharmaceutical giant Sun Pharma disrupted its internal operations and supply chain, causing Rs. 30 crore in losses. Hackers entered through a phishing email and encrypted internal servers.

Companies should train employees to identify phishing attempts, install anti-ransomware software, and maintain offline data backups for rapid recovery.

19. BharatPe Hacked: August 2022

Phishing emails led to a breach of employees' inboxes, leaking internal documents and financial reports. The attackers used social engineering to mimic trusted contacts, tricking employees into sharing login credentials. While no customer data was stolen, the breach hurt investor confidence. Using email MFA, spam filters, and awareness campaigns can block future phishing attempts.

20. Cyberattack on AIIMS: December 2022

India's top hospital, AIIMS, suffered a ransomware attack that took 3 million patient records. The servers remained slow for approximately two weeks, which caused major disruption. 

21. CloudSEK Data Breach: December 2022

In 2022, hackers stole internal data from the cybersecurity firm CloudSEK and exposed API keys on GitHub. The breach revealed how even security companies can be vulnerable. Never store credentials in code repositories, and rotate all access tokens regularly.

22. Swachhta Platform Hacked, September 2022

Hackers breached India's Swachh Bharat (Clean India) platform, a government site that collected public sanitation feedback and cleanliness reports. The attackers took advantage of outdated CMS plugins and weak credentials, allowing them to deface the homepage and delete parts of the citizen feedback database.

23. Zivame Data Breach, 2022

In 2022, Indian lingerie retailer Zivame experienced a large data breach exposing personal and transactional information of nearly 1.5 million customers. The data included names, phone numbers, email addresses and partially masked payment records. Investigators traced the cause to an unsecured database server left open to the public without password protection. The leaked dataset later appeared for sale on dark web forums.

24. Air India / SITA Passenger Data Breach, 2021

In 2021, a global cyberattack on SITA, the IT provider for various airlines, exposed personal data of over 4.5 million Air India passengers, which included passport details, ticket numbers, birth dates, and contact information. The breach was traced to unauthorised access in SITA's passenger service system, which connected multiple airlines worldwide, compromising long-term passenger privacy.

That's why airlines and travel companies must vet all external vendors for compliance with strict cybersecurity standards, enforce encryption for shared databases and deploy continuous threat detection across connected systems.

25. Domino's India Customer Data Leak, 2021

Hackers exposed nearly 180 million customer order details, including their names, phone numbers and even GPS coordinates. Attackers exploited an unsecured server within the company's order-tracking infrastructure, and later they published the full dataset on the dark web. The exposed location information was especially alarming, as it could reveal customers' routines and residential details.

Companies handling location-based services should encrypt all customer data, mask stored addresses and set strict retention periods for order records. 

In the End

India's cybersecurity landscape reflects both rapid progress and rising exposure. Attackers have now shifted to multi-stage ransomware, insider misuse, and AI-generated phishing. Organisations that invested early in zero-trust controls, employee awareness programmes, and regular threat monitoring have contained incidents faster and have limited damage.

Every sector, private or public, must treat cybersecurity as an operational priority tied to reputation, customer trust, and business continuity rather than as a compliance task.

Frequently Asked Questions

Which sector faces the most cyber threats in India?

The financial, healthcare, telecom and e-commerce sectors top the list due to their high data value. Banking APIs, digital payment apps, and hospital systems are common ransomware and credential theft targets.

What are the main reasons behind the rise in cyberattacks in India?

The main reasons are rapid digitisation, weak password habits, over-reliance on cloud storage without proper encryption, and phishing campaigns using AI-written messages.

How can individuals protect themselves from data leaks in India?

Use unique passwords, turn on two-factor authentication, avoid public Wi-Fi for banking, and never click unknown links in SMS or WhatsApp messages.
