India’s breach brief: 5 structural security failures CISOs can no longer ignore
India’s wave of high-profile data breaches isn’t the work of a new breed of hackers; it’s a failure of technology management. The same mistakes were made over and over: misconfigurations, poor oversight, and misplaced trust. These breaches didn’t stem from sophisticated attacks but from fundamental flaws in how we handle our tech.
Analysts like Gartner and Forrester have echoed this, pointing out that most cloud security failures are customer-driven, due to misconfigurations and poor visibility. With organizations assuming clouds and APIs were secure by default, the breaches that followed highlight a deeper, systemic problem: when tech isn’t properly managed, it’s bound to fail.
A major cause of breaches was the assumption that cloud environments, APIs, and enterprise software were secure by default. This assumption led to significant vulnerabilities that attackers exploited.
Cloud misconfigurations as a breach entry point
Cloud misconfigurations were the leading cause of breaches. These misconfigurations exposed sensitive data without the need for malware or sophisticated attacks. For example, a leading Indian finance firm experienced a security breach where unauthorized access was gained to its cloud infrastructure.
While no customer funds were lost, the incident underscored how misconfigured cloud environments could be easily compromised by attackers without exploiting software flaws.
APIs as silent channels for data exposure
APIs, designed to facilitate communication between systems, have become a key vulnerability. A notable case involved a mobility platform where hackers accessed personal data of over eight million customers, including names, phone numbers, and vehicle information. Although no financial data was compromised, the massive scale of the breach highlighted the risks of insufficient authentication, access control, and monitoring of APIs.
Supply-chain software exacerbates breach impact
The spread of enterprise operating systems across multiple suppliers has increased the potential for cyber-attacks. Attackers exploited a zero-day vulnerability in an enterprise software system, gaining access to critical functions like finance, HR, and procurement.
This breach demonstrated how vulnerabilities in widely used software could significantly impact multiple organizations at once, leading to data theft and extortion.
Identity and authentication failures lead to financial loss
BFSI companies suffered greater financial losses from identity theft than from traditional security breaches. For instance, a fintech company experienced a cyber attack that resulted in the theft of nearly a crore in digital gold. The breach occurred due to flaws in authentication and transaction control systems, illustrating the growing threat of cybercriminals exploiting compromised credentials rather than breaking into systems.
Data theft turns into extortion and executive threats
One concerning trend was the shift from stealing data to using it for extortion. In a high-profile case, attackers stole terabytes of customer data from an insurance company and then threatened company executives. This marked a shift in cybercriminal behavior, from quietly monetizing stolen data to leveraging it for threats against corporate leaders.
The silent crisis in tech management
These breaches reveal a structural issue, not isolated incidents. Attackers exploited weaknesses in systems where visibility, oversight, and ownership were lacking. Cloud, APIs, identity, and enterprise software are not inherently insecure; the risk emerges at their intersections.
To prevent future breaches, security leaders must focus on strengthening fundamentals, enforcing accountability, and improving visibility. If done correctly, these efforts can help reduce breaches and build stronger digital resilience in 2026.
(With inputs from Swati Sengupta.)