Only 3 US Security breaches linked to India?
By Bala Shah

In Feb, 2010, NASSCOM released a report which detailed how the Indian IT and BPO exports had touched 50 Billion dollars in the last year and will experience double digit growth this year.  According to NASSCOM, Indian IT-BPO has 51 % of the global outsourcing market. The IT-BPO sector accounted for 5.9 % of India’s GDP.

The outsourcing juggernaut has 450 delivery centres in 60 countries.  India will only lose its growing market share if its costs keep rising and/or there is uncertainty about the security of data processed in our country.

But if we examine the data security breaches in America since 2005, it seems that only 3 can be directly or indirectly linked to Indians in USA or India.

California-based Privacy Rights Clearinghouse (PRC) was established in 1992 and is a nonprofit consumer organization with a two-part mission - consumer information and consumer advocacy. It has won numerous awards including the US Privacy Champion Award from Electronic Privacy and Information Center (EPIC).  PRC has also been honored by America’s most respected digital rights organization - Electronic Frontier Foundation.

Privacy Rights Clearinghouse (PRC) has collated and analyzed security breaches in USA since 2005 and found that up to 353 Million records have been compromised.  Of these hundreds of security breaches, only 3 can be linked to Indians.  The 3 are

“
-  2007:  Indian Consulate via Haight Ashbury Neighborhood Council recycling center (San Francisco, CA). Visa applications and other sensitive documents were accessible for more than a month in an open yard of a recycling center. Information included applicants' names, addresses, phone numbers, birthdates, professions, employers, passport numbers, and photos. A sampling of documents indicated that the paperwork included everyone who applied in the Western states from 2002-2005. Applicants were current and former executives of major Bay Area companies that have operations in India.

- 2009:  Northeast Orthopaedics (Albany, NC).  Records of more than 1,000 patient visits to Northeast Orthopaedics, a large Albany surgical practice, have been posted on the Internet. The records appeared on the Web site visvabpo.com, which seems to be a defunct company in India called Visva BPO. Those records include patient names, birth dates and Social Security numbers.

- 2009: Symantec warned a small number of customers that their credit card numbers may have been stolen from an Indian call center used by the security vendor. Symantec sent out warning letters, after the BBC reported that it managed to purchase credit card numbers obtained from Symantec's call center from a Delhi-based man. The letters were sent to just over 200 customers. Most of those notified are in the U.S., but the company also notified a handful of customers in the U.K. and Canada.
“

While clearly there were more breaches in India based IT and BPO companies which were resolved by the local police, the figures collated by Privacy Rights Clearinghouse do give us a better perspective of the issue.