Swiggy admits to data breaches, says business is vulnerable to cyberattacks

The company also disclosed that as it grows and collects more data, the risk of significant failures in internal controls or data security measures increases.

By  Imran FazalSep 27, 2024 2:05 PM
Swiggy admits to data breaches, says business is vulnerable to cyberattacks
Swiggy filed an FIR against a former employee for fraudulently gaining unauthorized access to Swiggy's test systems.

In its updated Draft Red Herring Prospectus (DRHP), IPO-bound Swiggy reported that the food delivery aggregator experienced two cyberattacks leading to data breaches between 2022 and June 30, 2024. Swiggy acknowledged in the report that its platform and back-end infrastructure are susceptible to cyberattacks and security breaches, including social engineering, denial-of-service attacks, credential stuffing, ransomware, malware, employee errors, and malicious acts. Additionally, third parties may be able to access sensitive data.

Employee mistakes, misconduct, or errors in storing, using, or transmitting such data could lead to actual or perceived privacy or security breaches, or other incidents. The company also disclosed that as it grows and collects more data, the risk of significant failures in internal controls or data security measures increases, potentially resulting in breaches affecting more individuals and exposing Swiggy to greater liabilities, fines, and compensation claims.

Swiggy reported two potential data breach incidents for the three months ending June 30, 2024, and for the fiscal years 2024, 2023, and 2022. The first incident was detected in September 2022 during a technical infrastructure update, where some customers were able to view the last four digits of credit card details or parts of UPI handles of other customers. Although no complaints were filed and the incident had no adverse effect on operations or finances, Swiggy voluntarily reported it to the Indian Computer Emergency Response Team (CERT-In).

The second incident occurred in February 2023, when a former employee fraudulently gained unauthorized access to Swiggy's test systems. The issue was flagged by the monitoring system, and the breach was limited to the testing environment. There was no material impact on operations or finances, and Swiggy promptly updated its policies for employees and former employees, as well as filed a police report (FIR) against the ex-employee.

Swiggy emphasized that future attacks cannot be ruled out, stating, "Our platform and back-end infrastructure may be vulnerable to cyberattacks and security breaches, including social engineering, denial of service, credential stuffing, ransomware, and other malware, employee error, and malfeasance, among other sources of disruption. Third parties may be able to access data."

The company added, "Employee error, malfeasance, or other errors in the storage, use, or transmission of any of these types of data could result in an actual or perceived privacy or security breach or other security incident. Although we have policies, system controls, and checks to restrict access to the data we store, there is a risk that these policies may not be effective in all cases."

As Swiggy continues to grow, the company highlighted the increased risk: "The more personal data we hold, the greater the likelihood that a significant failure in our internal controls or data security measures could result in a data breach affecting more individuals, which could expose us to greater potential liability through fines and compensation claims, significant reputational harm, and a loss of trust that could deter users from using our platform."

First Published on Sep 27, 2024 2:05 PM

More from Storyboard18

Brand Makers

Local brands thrive amid Aatmanirbhar Bharat push; 45% of consumers prefer homegrown F&B products

Local brands thrive amid Aatmanirbhar Bharat push; 45% of consumers prefer homegrown F&B products

Brand Makers

All you need to know about Manish Tiwary - Nestle India's new MD

All you need to know about Manish Tiwary - Nestle India's new MD

Brand Makers

Navigating success: The legacy of Suresh Narayanan at Nestlé India

Navigating success: The legacy of Suresh Narayanan at Nestlé India

Brand Makers

Dentsu BX appoints Vishal Nicholas as EVP and Head of Strategy & Solutions

Dentsu BX appoints Vishal Nicholas as EVP and Head of Strategy & Solutions

Brand Makers

Manish Tiwary to be Managing Director of Nestlé India; Suresh Narayanan to retire next year

Manish Tiwary to be Managing Director of Nestlé India; Suresh Narayanan to retire next year

Brand Makers

AAAI re-elects Prasanth Kumar as President; Rana Barua becomes Vice President

AAAI re-elects Prasanth Kumar as President; Rana Barua becomes Vice President

Brand Makers

Retired IPS officer Sharad Kumar joins BCCI's Anti-Corruption Unit as new chief

Retired IPS officer Sharad Kumar joins BCCI's Anti-Corruption Unit as new chief

Brand Makers

IIT Kanpur to felicitate IPG Mediabrands' Shashi Sinha with 'Distinguished Alumnus Award 2024'

IIT Kanpur to felicitate IPG Mediabrands' Shashi Sinha with 'Distinguished Alumnus Award 2024'