Data Breaches in Nepal: Understanding the Risks and Solutions

Published On: October 3, 2023 09:00 AM NPT By: Shreeyukta Aryal

Data plays an essential role in a technological era due to the broad range of confidential information, including user activity, financial data, and personal info, as an enormous volume of data is generated, transmitted, and stored using digital devices, online services, and IoT. Due to this, the possibility of data breaches looms big in an increasingly interconnected globe, affecting both developed and developing countries. More than ninety percent of Nepal’s population has access to the Internet, as per a research conducted by Nepal Telecommunication Authority (NTA). Nepal may seem a world away from regions of cyber threats, but it still risks exposure to data security vulnerabilities. As we progressively depend on digital networks for governance, business, and communication, the magnitude of protecting sensitive details has never been more overriding. This article reflects on the growing issue of data infringements in Nepal, accentuating the struggles and setting out practical steps to lower dangers and protect classified data in the digital age. The digital revolution has significantly altered people's lives by introducing novel opportunities and innovation. Our daily existences have become more effortless, granting us unprecedented possibilities. Since the COVID-19 pandemic, many individuals have shifted from physical to digital aspects of their lives. The COVID-19 pandemic has amplified the need for online payment methods, e-commerce systems, and educational technology (EdTech) offerings globally, including in Nepal. As demands for social distancing, work-from-home arrangements, and virtual learning have skyrocketed, digital solutions have become more demanding. Although many found it challenging to adjust to online learning and working from home, sooner or later, we all adapted quickly. From placing grocery orders online to carrying out banking transactions from the comfort of their homes, the rise in the utilization of digital services has paved the path for progress in the tech sector.

Tech companies regard data as a gold mine because it provides insightful information about customer behavior, trends, and preferences. It uses data analytics tools to examine massive datasets, spot trends, and come to well-informed conclusions regarding product development, marketing tactics, and consumer interaction. Tech firms may boost their bottom line and get a competitive advantage in the market by leveraging the power of data in various industries, such as banking, healthcare, education, and government agencies. Regardless, it is crucial to carefully consider the potential dangers that may come with these benefits. On the other hand, increasing dependence on digital infrastructure has created opportunities for hackers to exploit vulnerabilities. The threat of data breaches looms large. When individuals gain unauthorized access to private data, they compromise its accessibility, privacy, and security. These cyber threats can come in different shapes and sizes, from devious cybercriminal strategies to unintentional failures in data protection.

It is concerning that many individuals remain unaware of data breaches. Although we eagerly embrace the digital world, we often click, share, and sign in without fully understanding the digital contracts we agree to. It can instantly disclose private or confidential data, which can have adverse effects. We should safeguard our data to protect ourselves against cyber threats and create a safe and secure online environment to retain our privacy and safety - it is essential to be aware of digital hazards.

Data breaches have become a growing issue in Nepal, posing significant risks and challenges. For instance, in 2020, Foodmandu, a well-known e-commerce food delivery business, fell victim to a vicious cyber-attack. The hackers gained access to the names, addresses, and phone numbers of 50,000 customers, exposing their sensitive information. The attacker later published this private information on a website, jeopardizing the security and privacy of Foodmandus’ clients. This event emphasizes how important it is for companies to take cybersecurity procedures to protect the personal data of their clients, and for consumers to be equally diligent. Even though Foodmandu took immediate action to address the security flaw in its online application, the event served as a sobering warning that even reputable businesses in Nepal's digital economy are not exempt from the dangers of data leaks.

In 2020, an alarming data breach shook Vianet's customers: Nepal's significant internet service provider (ISP). A vulnerability in the company's system enabled unauthorized access to the confidential information of more than 170,000 people, such as names, emails, phone numbers, and other data. This violation revealed the sensitive information of Vianet subscribers, consequently putting them in peril of different fraudulent activities, including phishing and identity theft.

In the advanced tech-centered world we inhabit now, data hacks are a serious issue as they can cause catastrophic effects on people. The victims are left to deal with the fallout after cybercriminals carry out fraudulent transactions using stolen data. Since it can lead to unlawful account openings, loans, and other financial actions in the victim's name, identity theft has a particularly damaging effect. The emotional toll is severe, with the invasion of privacy leaving victims feeling anxious, afraid, and violated. In addition, leaking private or embarrassing material might harm one's reputation, and therefore, individuals may become more open to further exploitation as breaches of personal information imperil privacy. As victims navigate privacy laws and regulatory obligations, legal repercussions might occur.

Many people struggle to keep their online information private because they believe digital platforms are secure, are unaware of cybersecurity concerns, and prioritize convenience before security. The tremendous volume of data produced in today's society might also make it challenging to comprehend the importance and sensitivity of personal information. Complex cybersecurity safeguards and a lack of education on appropriate practices make the issue worse. In light of this, it is important to spread knowledge about data security and to motivate people to take proactive measures to safeguard their online information in modern society.

In 2017, one of the private-sector commercial banks in Nepal, NIC Asia Bank, was the victim of a hack attack that resulted in hackers sending fraudulent money transactions through the SWIFT interbank messaging system. Hackers violated the bank's security, gaining unlawful access to confidential customer data. As a result, countless customers' private details like account numbers, amounts, and transaction records were made public. This incident eroded the public's trust in the banking industry, also causing financial losses.

Data violations are a big concern for corporations and organizations as they cause significant financial losses. The consequences include potential harm to reputation, legal penalties, expenses incurred in mitigating the breach, and investments in security upgrades. Smaller enterprises may find it particularly difficult to recover from the financial setbacks they experience.

They emphasize the importance of enhancing cybersecurity strategies in public and private organizations. Nepal could set out and implement more rigid data protection laws and regulations to diminish the exposure of data vulnerabilities. Such a problem not only affects people's lives personally and economically, but it also jeopardizes national security.

When government organizations or essential infrastructure of businesses get hacked, attackers may expose sensitive data, putting national security objectives at risk. The breaches happen because people and organizations lack an understanding of cybersecurity. This lack of awareness makes them more vulnerable to widespread cyber threats like phishing and malware. Weak security measures such as utilizing simple passwords, not keeping software up-to-date, and insufficient encryption create openings that hackers can exploit. As corporate entities continue to depend more on exterior services, cognizance of potential weak spots is essential. Cybercriminals can take advantage of vulnerabilities in these third-party systems. In addition, malicious actors can exploit gaps in outdated or inadequate legislative frameworks that deal with cybersecurity and data protection.

Nepal's first and largest digital wallet, eSewa, experienced a data breach in October 2020. During the event, a cybercriminal divulged the confidential information of at least 21 persons, which included their electronic mail addresses, concealed passwords, and account funds. The violation could have occurred due to the lack of OTP (One-Time Password) authentication during the Internet sign-in procedure. The company disputed any hacking or direct data theft. Instead, they attributed the compromise to unauthorized access obtained through a phishing scheme. However, they recognized that the data breach was through third-party websites.

Nepal ought to devise a comprehensive policy to counter data breaches. Educating and training people on cyber security is an effective way to promote awareness and get individuals and entities to take proactive steps. It's crucial to implement multi-factor authentication, consistent software updates, and strong data encryption to enhance digital system security. Evaluating and monitoring third-party service provider security measures is significant. Nepal should update its cybersecurity regulations to align with current risks and best practices. Developing and testing incident response procedures is vital. Improving collaboration and information sharing can enhance Nepal's overall cybersecurity. The country has taken steps towards addressing cybersecurity issues through initiatives like the National Cybersecurity Framework. Data security includes strategies, tools, and controls to protect digital information. Its primary goal is to safeguard confidential data and make it available only to authorized personnel. Effective defensive systems are essential to safeguard against cyberattacks and suspicious access attempts, reducing risks by preventing sensitive information disclosure and ensuring compliance with data protection laws.

In developing countries like Nepal, the main topic of discussion reflects this trend with significant nuances.  Nepal's data privacy is still developing compared to international norms. Despite not having a comprehensive data protection regulation like the GDPR (General Data Protection Regulation), Nepal's constitution recognizes the right to privacy as being essential. Data protection rules are in there, but there are no enforcement methods. However, problems still exist. Data leaks of leading companies of Nepal, including eSewa, Foodmandu, Vianet, NIC Asia have heightened concerns about data security and privacy in the digital era. While digital payment systems like eSewa provide convenience, they also pose risks, such as data breaches that can compromise sensitive user information and transaction history. It is imperative for organizations to take robust technical security measures to protect themselves from data breaches. The processes and techniques, including intrusion detection systems, access limitation, and encryption techniques, can be employed to guarantee safety and security. By utilizing these safeguards, businesses can drastically reduce their susceptibilities to cyber-attacks and assure the confidentiality and accuracy of confidential data. Data minimization techniques and frequent security audits can help identify and address potential vulnerabilities. Nepal must establish strong privacy policies that align with international data privacy trends and adhere to strict data protection laws to increase public trust and promote responsible data usage.

Leave A Comment