Professional Documents
Culture Documents
Databreachnotification
Databreachnotification
35 Bellandur Road,
Marathahalli,
Bengaluru 560037
To
Mr. [●]
Indian Computer Emergency Response Team (CERT-In),
Ministry of Electronics and Information Technology (MeitY),
Electronics Niketan,
6, C.G.O. Complex Lodhi Road,
New Delhi,
PIN-110003
Dear [●],
We regret to inform you that our company, X Kart India Limited, has experienced a significant data breach due to a ransomware attack on our systems. We are reporting this
incident to comply with the data breach reporting obligations outlined in the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal
Data or Information) Rules, 2011.
Upon discovery of the breach, our incident response team initiated an investigation to assess the extent of the compromise and identify the affected individuals. We have
engaged cybersecurity experts to assist us in containing the attack, restoring affected systems, and enhancing our security measures to prevent future incidents.
We understand the gravity of this situation and assure you that we are committed to safeguarding the privacy and security of our customers' data. We are implementing
additional security measures and strengthening our defenses to prevent similar incidents in the future.
Should you require any further information or assistance regarding this matter, please do not hesitate to contact us
Sincerely,
Mr Nidayan Mukherjee
Privacy Manager,
XKart India Limited
PS: Please find attached the Incident Reporting Form to be submitted to CERT-In in case of a cyber attack
Incident Reporting Form
unauthorized access of IT systems/data and associated systems, networks, Block chain, virtual assets, virtual asset
software, servers exchanges, custodian wallets, Robotics, 3D
Defacement or intrusion into the website
Attacks or incident affecting Digital and 4D Printing, additive manufacturing,
Malicious code attacks Drones
Attack on servers such as Database, Mail and DNS Payment systems
and network devices such as Routers Attacks through Malicious mobile Apps Attacks or malicious/ suspicious activities
Fake mobile Apps affecting systems/ servers/software/
Identity Theft, spoofing and phishing attacks
Unauthorized access to social media applications related to Artificial Intelligence
DoS/DDoS attacks accounts and Machine Learning
Attacks on Critical infrastructure, SCADA and operational technology systems and
Wireless Attacks or malicious/ suspicious activities Other (Please Specify)
networks affecting cloud computing systems/servers ----------------------------------------------------------
Attacks on Application such as E-Governance, E -
Commerce etc. ----------------------------------------------------------
Furthermore, the compromised systems also house critical business data and operational information necessary for
inventory management, supply chain logistics, and financial transactions. The disruption caused by the ransomware attack
has significantly impacted our ability to fulfill orders, manage inventory, and maintain business continuity.
Basic Information of Domain/URL: https://XKart.com/
Affected System IP Address: 192.158.1.38
(Provide information Operating System: WooCommerce
that is readily
Make/ Model/Cloud details:
available.)
Affected Application details (If any):
Location of affected system (including City, Region & Country): Bangalore, Marathahalli, India
The ransomware attack targeted our organization, compromising critical customer databases containing sensitive
information. The attackers encrypted the data, rendering it inaccessible to the retailer, and subsequently demanded a
ransom payment for its decryption. Although the company had backups in place, the attackers threatened to publicly release
the compromised data unless their ransom demands were met. The potentially compromised data includes a range of
personal and transactional information, such as customer names, shipping addresses, email addresses, phone numbers,
purchase history, and partial credit card information (last 4 digits and expiration date). This attack poses significant risks to
the affected customers, as their personal and financial information may be exposed to unauthorized parties, leading to
potential identity theft, fraud, and other malicious activities.
Note: (i) This form provides general guidance in terms of information which could be relevant to the incident.
(ii) It is not mandatory to fill and/or sign this form. Incidents may also be reported by providing relevant information in the communication itself or in any other readable form.
(iii) Reporting entity may, if desired, also provide relevant information other than mentioned in this form.
Mail/Fax incident reports to: CERT-In, Electronics Niketan, CGO Complex, New Delhi 110003 Fax:+91-11-24368546 or email at: incident@cert-in.org.in