Netcore Cloud Pvt. Ltd Data Breach: Over 40 Billion Records Exposed

Netcore Breach Discovered: Netcore Cloud Pvt. Ltd, a leading marketing company in India, experienced a massive data breach affecting over 40 billion records. The leaked data included highly sensitive information such as emails, IP addresses, banking activity notifications, and other Personally Identifiable Information (PII). Security researcher Jeremiah Fowler discovered this unencrypted database, publicly accessible without password protection, and a colossal size of approximately 13 terabytes.

Understanding Personally Identifiable Information (PII)

PII Definition: Personally Identifiable Information (PII) refers to any data that can be used to identify a specific individual, either directly or indirectly, on its own or when combined with other information linked to that individual. This information exists in many forms and varies in sensitivity. PII is classified into two main types:

• Sensitive PII: This refers to personal information that can uniquely identify an individual and poses a serious risk of identity theft or fraud if compromised. Examples of sensitive PII include Social Security numbers, driver's license numbers, passport numbers, credit card numbers, bank account numbers, biometric data (such as fingerprints or facial scans), and genetic or medical records.
• Non-Sensitive PII: This is information generally available to the public and does not pose a significant threat to an individual on its own if shared or disclosed. However, non-sensitive PII can become sensitive when combined with other data to form a more detailed picture of an individual's identity. Examples of non-sensitive PII include full name, date of birth, zip code, employment information, and email addresses. Even non-sensitive information like gender, zip code, and date of birth can identify up to 87% of US citizens when combined (IBM, publication date: September 16, 2025).

Details of Leaked Data: The data leaked in the Netcore incident included sensitive personally identifiable information that could expose affected individuals to identity theft or fraud. This included banking notifications, employment-related messages, account confirmation messages, marketing messages, health notifications, banking activity alerts, mail logs (with email addresses and subject lines), partial account numbers, IP addresses, data classified as "production," and many "confidential" records.

Netcore's Response: After being notified, Netcore secured the database on the same day and thanked the researcher for the alert. However, it remains unknown how long the database was exposed and whether any malicious actors accessed it before Fowler's discovery.

Netcore Cloud Pvt. Ltd: Overview

About Netcore Cloud: Netcore is a large digital marketing organization that provides cloud-based solutions helping businesses engage with customers across digital channels. These channels include email, SMS, WhatsApp, push notifications, and in-app messages. The company relies on artificial intelligence and automation to track and optimize these interactions. Headquartered in Mumbai, India, Netcore has global offices in Malaysia, UAE, and the UK, serving over 6500 clients worldwide.

Best Practices for Preventing Corporate Data Breaches

Importance of Data Protection: Protecting sensitive data is crucial for any organization. Preventing data breaches requires a multi-layered approach covering people, processes, and technologies. Here are some best practices companies can follow to mitigate risks and protect Personally Identifiable Information (PII):

1. Data Minimization and Clear Policies: Companies should collect and store only the minimum data necessary for their operations, and regularly dispose of any PII that is no longer required. This helps reduce the volume of data at risk in the event of an attack.
2. Strengthen Access Controls: Implement multi-factor authentication (MFA) across all systems and use role-based access control (RBAC) mechanisms to restrict who can access sensitive data. Permissions should be regularly reviewed, and unnecessary ones revoked.
3. Data Encryption: Utilize end-to-end data encryption, both at rest and in transit, to ensure that even if unauthorized access occurs, attackers cannot read it. Companies should also consider encrypting device hard drives and securing cloud backups.
4. Regular System and Software Updates: Apply software updates promptly to patch known security vulnerabilities, and use automatic updates for company devices. Monitor security notifications from vendors for critical patches.
5. Employee Training: Conduct regular cybersecurity awareness training, including phishing attack simulations. Make data protection a part of the company culture, and establish strict security policies that enforce prompt updates and frequent vulnerability assessments.
6. Network and Endpoint Security: This includes using firewalls, intrusion prevention and detection systems (IPS/IDS), access control lists, and Zero-Trust Network Access. Endpoint security controls, such as anti-malware software, should also be implemented. These measures help prevent unauthorized access to sensitive data by intruders.
7. Conduct Security Audits and Vulnerability Assessments: Provide formal insights into how an organization's cybersecurity controls compare to industry standards. These audits can help identify and resolve issues before they lead to breaches.
8. Develop an Incident Response Plan: Every organization should have a cyber incident response plan that is regularly tested and updated. This helps minimize the time taken to detect and respond to a breach, reducing potential costs and penalties. Regular and secure backups of sensitive data help mitigate damages.

Conclusion: The Netcore Cloud Pvt. Ltd incident highlights the importance of adopting robust strategies for data breach prevention and PII protection. By implementing these practices, companies can strengthen their defenses against evolving cyber threats and safeguard their valuable data and customers.