Monday, November 25, 2019

OnePlus probes breach; payment data secure

NEW DELHI: Chinese handset maker OnePlus has said it is working with authorities to further investigate a system breach that resulted in unauthorised access to certain information of users such as names, contact numbers, email and shipping addresses.In a statement to ET, India’s leading premium segment smartphone player, however, said “all payment information, passwords, and accounts are safe”.“OnePlus has notified impacted users that we have discovered some of their order information was accessed by an unauthorised party. We took immediate steps to stop the intruder and reinforce security. Before making this public, we informed our impacted users by email,” the company said. It added that it will work to prevent such incidents.Vikas Agarwal, general manager at OnePlus India, told ET the company is in the process of shifting its data to Amazon Web Services India servers from Singapore. Agarwal, however, did not offer comments if Indian authorities have been informed about the breach or the quantum of users affected in India.Cyber law expert Pavan Duggal said once the company finds a cybersecurity breach, it is mandated under Indian law to report it to CERTIN, India’s nodal agency for cybersecurity. “Nonreporting is an offence, and the top management can face consequences… The company must have a legal response approach and strategy to start addressing these challenges as they emerge,” he said.This is the second time since 2018 where One-Plus has been exposed to a data security breach. Last year, it confirmed over 40,000 customers had been affected by exposure of bank card details.72233487 OnePlus recently cemented its premium leadership in the July-September quarter with 35% market share, growing 95% on year, as per Counterpoint Research’s third-quarter data. The player witnessed its highest ever recorded shipment sales—0.74 million—in the third quarter, which was also the highest recorded shipment by a premium smartphone brand in the last three years.Duggal said most companies tend not to report such breaches to Indian authorities. “The onus is on company what all processes and procedures they have undertaken under Indian IT Act prior to breach.”“If a user finds data gone, then he/she can sue the company for unlimited damages under Section 43A of the IT Act. Also, the user can file criminal charges against company because when the user gives data, law requires intermediary to holds it in trust,” Duggal added.

from Economic Times https://ift.tt/33iqYaL

No comments:

Post a Comment