Question: Extent of WhatsApp Privacy Breach


Will the Minister of ELECTRONICS AND INFORMATION TECHNOLOGY be pleased to state?

(a) whether the Government has assessed the extent of privacy breaches in the recent WhatsApp snooping using the Israel-based NSO Group’s Pegasus spyware and if so, the details thereof;

(b) whether the spyware was used for surveillance purposes and/or theft of private data and if so, the details thereof and the reaction of the Government thereto; and

(c) the current regulations and measures put in place by the Ministry to protect financial data of users?

Answer given by the minister

(a) and (b): On May 20, 2019 WhatsApp reported an incident to the Indian Computer Emergency Response Team (CERT-In) wherein it mentioned that WhatsApp identified and promptly fixed a vulnerability that could enable an attacker to insert and execute code on mobile devices and that the vulnerability can no longer be exploited to carry out an attack.

On September 5, 2019 WhatsApp wrote to CERT-In mentioning an update to the security incident reported in May 2019, that while the full extent of this attack may never be known, WhatsApp continues to review the available information. It also mentioned that WhatsApp believes it is likely that personal data within the WhatsApp app of approximately twenty users may have been accessed out of approximately one hundred and twenty-one users in India whose devices the attacker attempted to reach.

The Government is committed to protect the fundamental rights of citizens, including the right to privacy. The Government operates strictly as per provisions of law and laid down protocols. There are adequate safeguards to ensure that no innocent citizen is harassed or his privacy breached.

(c): Section 43A of the Information Technology (IT) Act, 2000 establishes a legal framework for data protection in India. The section provides for compensation to be paid to the victim in case of unauthorized access of information and leakage of sensitive personal information respectively. The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) rules, 2011 notified under section 43A explicitly define ‘sensitive personal information’ which includes “financial information such as Bank account or credit card or debit card or other payment instrument details of the users”.

*******
