Data Breach News

Durex India Data Breach Allegedly Exposes Customer Data

Durex India has been accused of a significant data breach that exposed sensitive customer information, including names, phone numbers, and payment details.

by Krishna Murthy August 30, 2024 Reading Time: 3 mins read

Source: X

Share on LinkedInShare on Twitter

Durex India, the local arm of the popular British condom and personal lubricants brand, has reportedly suffered a significant cyberattack that has exposed sensitive customer information online. The Durex India data breach reportedly involved a leak of sensitive customer data being accessible through an inadequately secured order confirmation page on the Durex India website.

The exposed information included full names, phone numbers, email addresses, shipping addresses, ordered items and payment details. The incident, discovered in late August 2024, raises concerns about data security practices and the potential consequences for consumers who shared their private details.

Scope of Durex India Data Breach and Response

Security researcher Sourajeet Majumder was the first to report this issue. on his X account. Majumder found that that over hundreds of customers were affected due to inefficient security measures on the brand’s order confirmation page. Although the exact number of customers affected and the duration of the vulnerability are still unknown, Majumder highlighted the gravity of the situation, given the intimate nature of the products involved.

“A leak as such not only puts the customer’s privacy at risk but also makes them prone to social harassment or moral policing,” he posted on X.

Source: X

Following his discovery, Majumder shared that he reached out to India’s Computer Emergency Response Team (CERT-In) which acknowledged his email. If proven, the potential consequences of this data breach could be critical. Durex India should take appropriate measures to protect the privacy and security of the stakeholders involved. Data breaches of this nature can lead to identity theft, financial fraud, and a loss of trust among clients, potentially jeopardizing the company’s standing in the industry.

As things stand, details regarding the extent of the Durex India data breach, data compromised, and the motive behind the cyber assault remain undisclosed.

To ascertain the veracity of the data breach, The Cyber Express has reached out to the officials of Durex India and its parent company Reckitt. As of writing of this news report, no response has been received from Durex or Reckitt leaving the data breach claim unverified.

Repercussions of Alleged Breach

This kind of data leak can have serious repercussions for affected customers. Having personal details like names, addresses, and phone numbers exposed online can be a significant privacy violation. These details can be used for targeted marketing campaigns, spam calls, or even identity theft.

In regions with conservative social norms surrounding sexual health, customers who purchased Durex products could be subjected to social stigma or embarrassment due to the exposed data. If payment information was also accessible, it could put customers at risk of fraudulent charges.

The Durex India data breach highlights the importance of robust data security practices in the e-commerce industry. Businesses that collect sensitive customer information, especially personal details related to health and wellness, have a responsibility to ensure the highest levels of security. Practices like secure coding, data encryption, and regular security audits are crucial to prevent breaches and protect customer data.

This incident also raises questions about data protection regulations in India. While the General Data Protection Regulation (GDPR) has been a driving force for data privacy in Europe, India is still in the process of finalizing its own comprehensive data protection framework. The potential effects of the exposed Durex India data on affected customers might highlight the need for stricter data security regulations in the country.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button