PERSONALLY IDENTIFIABLE INFORMATION (PII)

 
 
 
1. Context
 
The Ministry of Corporate Affairs recently addressed a significant vulnerability in its online portal several months after a cybersecurity researcher reported it to the Computer Emergency Response Team of India (CERT-In). The identified vulnerability had allegedly compromised the personal information, including Aadhaar, PAN, voter identity, passport details, date of birth, contact numbers, and addresses, of over 98 lakh directors associated with Indian companies. Notably, this security lapse also resulted in the exposure of personal data belonging to prominent industrialists, celebrities, and sports personalities in the country.
 

2. About Personally Identifiable Information
  • Personally Identifiable Information (PII) refers to any data or details maintained by an organization or agency that has the potential to identify a specific individual.
  • This includes data such as Aadhaar, PAN, voter identity, passport details, date of birth, contact numbers, communication addresses, and biometric information.
  • The components of PII may vary based on an individual's home country.
  • Additionally, non-PII, when combined with supplementary information, can also be utilized to identify a person.
  • Non-PII information may consist of photographic images, especially those highlighting facial or other distinctive features, place of birth, religious affiliation, geographical indicators, employment details, educational qualifications, and medical records.
  • The comprehensive nature of this information enables accurate identification of individuals.
  • While access to a single set of PII may pose a risk to online security, unauthorized access to multiple databases could potentially lead to the identification and targeting of specific individuals.
 
3. The difference between sensitive and non-sensitive PII
  • The distinction between sensitive and non-sensitive Personally Identifiable Information (PII) lies in the level of potential harm and the ability to accurately identify individuals.
  • Non-sensitive PII encompasses publicly available information that can be stored and transmitted without encryption.
  • Examples include details like zip code, race, gender, and religion. While these details are part of an individual's information, they are not sufficient to accurately identify that person.
  • Sensitive PII, when exposed, holds the capacity to identify individuals accurately and may lead to potential harm.
  • This category includes crucial components stored by entities such as employers, government organizations, banks, and other digital accounts used by individuals.
  • The exposure of sensitive PII poses a higher risk due to the potential for misuse, making protection and encryption essential for safeguarding individuals from identity theft or other malicious activities.
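
One place this protection applies in practice is application logs, where sensitive PII should be masked before it is written. The sketch below is an added example, not part of the original note: it assumes Aadhaar numbers are 12 digits ending in a Verhoeff check digit and PAN is five letters, four digits and one letter; the function names and the sample number are constructed for illustration.

```python
import re

# Verhoeff tables: dihedral-group multiplication, position permutation, inverse.
D = ["0123456789", "1234067895", "2340178956", "3401289567", "4012395678",
     "5987604321", "6598710432", "7659821043", "8765932104", "9876543210"]
P = ["0123456789", "1576283094", "5803796142", "8916043527",
     "9453126870", "4286573901", "2793806415", "7046913258"]
INV = "0432156789"

def verhoeff_check_digit(payload: str) -> str:
    """Check digit to append to `payload` (used only to build sample data)."""
    c = 0
    for i, ch in enumerate(reversed(payload), start=1):
        c = int(D[c][int(P[i % 8][int(ch)])])
    return INV[c]

def verhoeff_valid(number: str) -> bool:
    """True when the final digit is a correct Verhoeff check digit."""
    c = 0
    for i, ch in enumerate(reversed(number)):
        c = int(D[c][int(P[i % 8][int(ch)])])
    return c == 0

# Assumed formats: Aadhaar = 12 digits, first digit 2-9, optional 4-4-4 grouping;
# PAN = 5 letters + 4 digits + 1 letter.
AADHAAR_RE = re.compile(r"(?<!\d)[2-9]\d{3}[ -]?\d{4}[ -]?\d{4}(?!\d)")
PAN_RE = re.compile(r"\b[A-Z]{5}\d{4}[A-Z]\b")

def redact(text: str) -> str:
    """Mask Aadhaar (keeping the last four digits) and PAN values in a log line."""
    def mask_aadhaar(m):
        digits = re.sub(r"\D", "", m.group())
        # The checksum filters out order ids and other 12-digit look-alikes.
        if verhoeff_valid(digits):
            return "XXXX-XXXX-" + digits[-4:]
        return m.group()
    text = AADHAAR_RE.sub(mask_aadhaar, text)
    return PAN_RE.sub("[PAN-REDACTED]", text)

# Constructed sample: an arbitrary 11-digit payload plus its computed check digit.
SAMPLE_AADHAAR = "23456789012" + verhoeff_check_digit("23456789012")

if __name__ == "__main__":
    a = SAMPLE_AADHAAR
    print(redact(f"kyc ok aadhaar={a[:4]} {a[4:8]} {a[8:]} pan=ABCDE1234F"))
```

The checksum step is what keeps the filter from masking every 12-digit number in a log; the PAN pattern has no checksum, so it matches on format alone.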
 
4. The risks of PII exposure

The exposure of Personally Identifiable Information (PII) due to cyberattacks and vulnerabilities in digital infrastructure poses various risks to individuals:

  • Threat actors can leverage exposed PII to launch targeted attacks on individuals. This may involve crafting phishing messages with personalized information to deceive individuals and gain unauthorized access to their accounts.
  • Exposed PII can be misused for fraudulent activities, such as opening unauthorized bank accounts or siphoning funds from accounts associated with government welfare programs.
  • Threat actors may use the exposed information to impersonate individuals, leading to identity theft. This can result in unauthorized access to various services, accounts, or benefits.
  • Cybercriminals may exploit the exposed PII to obtain cellular connections and credit cards, or compromise the security of an individual’s digital accounts, leading to unauthorized access and potential misuse.
  • Exposed PII is often traded on the dark web, where threat actors buy and sell personal information. This can contribute to a broader ecosystem of cybercrime and illicit activities.

5. The recent events where PII was compromised

In 2023, several incidents highlighted the compromise of Personally Identifiable Information (PII) in India:

  • Reports revealed that a Telegram bot was responsible for returning the personal data of Indian citizens registered on the COVID-19 vaccine intelligence network (CoWIN) portal for vaccination. This breach raised concerns about the exposure of sensitive information.
  • An American cybersecurity company reported the sale of PII belonging to 815 million Indian citizens on the dark web. The compromised data included Aadhaar numbers and passport details. While the government of India denied a biometric data leak, an investigation was initiated, resulting in arrests in Bihar.
  • A data breach was reported on the RailYatri platform in January 2023, indicating vulnerabilities in the security of personal information.
  • According to a Re-Security report, 67% of Indian government and essential services organizations experienced a significant surge of over 50% in disruptive cyberattacks. This heightened risk posed a threat to critical infrastructure and essential services.
  • A survey of 200 IT decision-makers revealed that 45% of Indian businesses encountered a substantial increase of more than 50% in cyberattacks. This trend indicated a broader challenge for businesses in safeguarding sensitive information.

6. Practical Steps for Protecting PII

Protecting Personally Identifiable Information (PII) is crucial, and individuals can take several measures to enhance their privacy and reduce the risk of exposure:

  • When visiting websites, especially unfamiliar ones, look for "HTTPS" in the URL. The "S" indicates a secure connection, safeguarding information from potential threats. Some browsers also display a lock symbol in the URL bar to denote a secure website.
  • Employ a Virtual Private Network (VPN) when accessing sensitive information on public networks. A VPN encrypts your online connection, adding an extra layer of security to protect PII from unauthorized access on public networks.
  • Keep a close watch on essential identity documents such as Aadhaar, passport, PAN, and Voter ID. Refrain from sharing or accessing these documents through unknown devices. If using public facilities like photocopy shops, ensure thorough deletion of documents to prevent misuse.
  • Avoid sharing excessive personal information on social media platforms. Limiting the details publicly available reduces the risk of unauthorized access and potential misuse.
  • Stay alert for phishing attacks, especially if your PII has been leaked. Phishers may use this information to create convincing messages. Verify the legitimacy of communications and avoid clicking on suspicious links.
  • Regularly review bank account transactions, credit card statements, and credit scores. Any unexpected changes in credit scores could indicate potential misuse of PII to procure credit cards or conduct fraudulent activities.
 
7. The Way Forward
 
Safeguarding Personally Identifiable Information demands a collective effort, involving individuals, organizations, and policymakers to implement robust cybersecurity measures and ensure a resilient defence against evolving cyber threats.
 
 
For Prelims: Computer Emergency Response Team of India, Personally Identifiable Information, Cyber Attacks
 
For Mains: 
1. What are the key differences between sensitive and non-sensitive Personally Identifiable Information (PII)? How can the misuse of sensitive PII have a more significant impact on individuals and society? Analyze the recent PII breaches in India with this distinction in mind. (250 Words)
2. As a civil servant, how would you approach the issue of Personally Identifiable Information (PII) protection in your area of responsibility? What policies or initiatives would you advocate for to create a more secure digital environment for citizens? (250 Words)
 
Previous Year Questions
 
1. In India, under cyber insurance for individuals, which of the following benefits are generally covered, in addition to payment for the loss of funds and other benefits? (UPSC  2020)
1. Cost of restoration of the computer system in case of malware disrupting access to one's computer
2. Cost of a new computer if some miscreant wilfully damages it, if proved so
3. Cost of hiring a specialized consultant to minimize the loss in case of cyber extortion
4. Cost of defence in the Court of Law if any third party files a suit
Select the correct answer using the code given below:
A. 1, 2 and 4 only      B. 1, 3 and 4 only      C. 2 and 3 only      D. 1, 2, 3 and 4
 

2. Which of the following best describes the term ‘import cover’, sometimes seen in the news? (UPSC  2016)
(a) It is the ratio of value of imports to the Gross Domestic Product of a country
(b) It is the total value of imports of a country in a year
(c) It is the ratio between the value of exports and that of imports between two countries
(d) It is the number of months of imports that could be paid for by a country’s international reserves

 
3. Consider the following statements: (UPSC 2018)
1. Aadhaar card can be used as a proof of citizenship or domicile.
2. Once issued, the Aadhaar number cannot be deactivated or omitted by the Issuing Authority.
Which of the statements given above is/are correct?
A. 1 only         B. 2 only           C. Both 1 and 2        D. Neither 1 nor 2
 
 
4. Consider the following statements: (UPSC 2020)
1. Aadhaar metadata cannot be stored for more than three months.
2. State cannot enter into any contract with private corporations for sharing of Aadhaar data.
3. Aadhaar is mandatory for obtaining insurance products.
4. Aadhaar is mandatory for getting benefits funded out of the Consolidated Fund of India.
Which of the statements given above is/are correct?
A. 1 and 4 only         B. 2 and 4 only         C. 3 only             D. 1, 2 and 3 only
 

5. ‘Right to Privacy’ is protected under which Article of the Constitution of India? (UPSC 2021)

(a) Article 15    (b) Article 19         (c) Article 21            (d) Article 29

 

6. Right to Privacy is protected as an intrinsic part of Right to Life and Personal Liberty. Which of the following in the Constitution of India correctly and appropriately imply the above statement? (2018)

(a) Article 14 and the provisions under the 42nd Amendment to the Constitution.

(b) Article 17 and the Directive Principles of State Policy in Part IV.

(c) Article 21 and the freedoms guaranteed in Part III.

(d) Article 24 and the provisions under the 44th Amendment to the Constitution.

 

7. Article 21 of Indian Constitution secures: (OPSC OAS 2018)
A. Right to life only
B. Right to personal liberty only
C. Right to liberty and privacy
D. Right to life, personal liberty and right to privacy
 
Answers: 1-D, 2-D, 3-D, 4-B, 5-C, 6-C, 7-D
 
Source: The Hindu
 
