Durex India, the local branch of the popular British condom and personal lubricants brand, was the target of a cyberattack that led to a major security breach and exposed sensitive customer information online. The leaked data includes names, phone numbers, addresses, ordered items and payment details of customers, raising serious privacy concerns.
The whistleblower of the breach, Sourajeet Majumder, observed the vulnerability in late August 2024. He took to the social platform X to announce the data breach, stating that customer details were being leaked due to a misconfiguration in the order confirmation page of Durex India.
Majumder has stated that he contacted India’s Computer Emergency Response Team (CERT-In), which acknowledged his email. However, no concrete action or public statement has been provided. Durex India has not yet disclosed any information about the extent of the breach, the data compromised or the motive behind the attack.
This data leak has multiple repercussions for both customers and the company. Along with putting customer privacy at risk, the breach can lead to identity theft, financial fraud, targeted marketing campaigns and spam calls. In regions with conservative social norms surrounding sexual health, having such purchases exposed could lead to social harassment or moral policing. For the brand, this could lead to a loss of trust among clients, likely risking the company’s standing in the industry.
This incident highlights the crucial importance of robust data security in e-commerce, especially for businesses that deal with sensitive products. It calls for stringent security practices and data privacy regulations in India. While Europe already has the General Data Protection Regulation (GDPR) governing data privacy, India is still in the process of finalizing its own data protection framework.
As the shift towards ‘online’ continues, incidents like this underscore the need for stricter security policies, robust data security regulation and privacy awareness. After all, it’s no longer only about protecting credit card details; it’s also about guarding people’s personal choices and dignity.