Swiggy admits to data breaches, says business is vulnerable to cyberattacks

The company also disclosed that as it grows and collects more data, the risk of significant failures in internal controls or data security measures increases.

By  Imran FazalSep 27, 2024 2:05 PM
Swiggy admits to data breaches, says business is vulnerable to cyberattacks
Swiggy filed an FIR against a former employee for fraudulently gaining unauthorized access to Swiggy's test systems.

In its updated Draft Red Herring Prospectus (DRHP), IPO-bound Swiggy reported that the food delivery aggregator experienced two cyberattacks leading to data breaches between 2022 and June 30, 2024. Swiggy acknowledged in the report that its platform and back-end infrastructure are susceptible to cyberattacks and security breaches, including social engineering, denial-of-service attacks, credential stuffing, ransomware, malware, employee errors, and malicious acts. Additionally, third parties may be able to access sensitive data.

Employee mistakes, misconduct, or errors in storing, using, or transmitting such data could lead to actual or perceived privacy or security breaches, or other incidents. The company also disclosed that as it grows and collects more data, the risk of significant failures in internal controls or data security measures increases, potentially resulting in breaches affecting more individuals and exposing Swiggy to greater liabilities, fines, and compensation claims.

Swiggy reported two potential data breach incidents for the three months ending June 30, 2024, and for the fiscal years 2024, 2023, and 2022. The first incident was detected in September 2022 during a technical infrastructure update, where some customers were able to view the last four digits of credit card details or parts of UPI handles of other customers. Although no complaints were filed and the incident had no adverse effect on operations or finances, Swiggy voluntarily reported it to the Indian Computer Emergency Response Team (CERT-In).

The second incident occurred in February 2023, when a former employee fraudulently gained unauthorized access to Swiggy's test systems. The issue was flagged by the monitoring system, and the breach was limited to the testing environment. There was no material impact on operations or finances, and Swiggy promptly updated its policies for employees and former employees, as well as filed a police report (FIR) against the ex-employee.

Swiggy emphasized that future attacks cannot be ruled out, stating, "Our platform and back-end infrastructure may be vulnerable to cyberattacks and security breaches, including social engineering, denial of service, credential stuffing, ransomware, and other malware, employee error, and malfeasance, among other sources of disruption. Third parties may be able to access data."

The company added, "Employee error, malfeasance, or other errors in the storage, use, or transmission of any of these types of data could result in an actual or perceived privacy or security breach or other security incident. Although we have policies, system controls, and checks to restrict access to the data we store, there is a risk that these policies may not be effective in all cases."

As Swiggy continues to grow, the company highlighted the increased risk: "The more personal data we hold, the greater the likelihood that a significant failure in our internal controls or data security measures could result in a data breach affecting more individuals, which could expose us to greater potential liability through fines and compensation claims, significant reputational harm, and a loss of trust that could deter users from using our platform."

First Published on Sep 27, 2024 2:05 PM

More from Storyboard18

Brand Makers

'She taught me purpose': How Priya Nair’s mother shaped HUL’s first woman CEO

'She taught me purpose': How Priya Nair’s mother shaped HUL’s first woman CEO

Brand Makers

Rohit Jawa to step down as CEO of Hindustan Unilever, Priya Nair named as successor

Rohit Jawa to step down as CEO of Hindustan Unilever, Priya Nair named as successor

Brand Makers

Who is Priya Nair - the first-ever female CEO and MD of HUL?

Who is Priya Nair - the first-ever female CEO and MD of HUL?

Brand Makers

Priya Nair appointed new CEO and MD of Hindustan Unilever, replaces Rohit Jawa

Priya Nair appointed new CEO and MD of Hindustan Unilever, replaces Rohit Jawa

Brand Makers

Zomato’s Deepinder Goyal buys Rs 52 crore apartment at The Camellias in Gurugram

Zomato’s Deepinder Goyal buys Rs 52 crore apartment at The Camellias in Gurugram

Brand Makers

'I don't even make a tenth of what's claimed': Apoorva Mukhija breaks silence on viral net worth rumours

'I don't even make a tenth of what's claimed': Apoorva Mukhija breaks silence on viral net worth rumours

Brand Makers

Meta’s $200 million bet on AI talent escalates Silicon Valley’s race for superintelligence

Meta’s $200 million bet on AI talent escalates Silicon Valley’s race for superintelligence

Brand Makers

Ad-maker Prasoon Pandey to direct his first feature film

Ad-maker Prasoon Pandey to direct his first feature film