Genpact International, Inc.

On January 12, 2017, Genpact International, Inc. experienced a data breach when a dataset containing personal and credit information was uploaded to an insecure cloud server without proper security controls. The incident was reported by the California Office of the Attorney General on May 8, 2017. The exposed data potentially included sensitive financial details, though the exact number of affected individuals remains undisclosed. The breach stemmed from inadequate security measures during the data transfer, leaving the information vulnerable to unauthorized access. While the full scope of the exposure such as whether the data was actively exploited was not confirmed, the incident posed significant risks, including identity theft, financial fraud, and reputational harm to both the company and the impacted individuals. The breach underscored failures in data protection protocols, particularly in securing cloud-based storage systems handling sensitive customer information.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-68655

TPRM report: https://www.rankiteo.com/company/genpactdigital

"id": "gen728082025",
"linkid": "genpactdigital",
"type": "Breach",
"date": "1/2017",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Unknown',
                        'industry': 'Professional Services (Business Process '
                                    'Outsourcing)',
                        'location': 'California, USA (HQ: New York, USA)',
                        'name': 'Genpact International, Inc.',
                        'type': 'Corporation'}],
 'attack_vector': 'Misconfigured Cloud Server',
 'data_breach': {'data_encryption': 'No (uploaded without adequate security)',
                 'number_of_records_exposed': 'Unknown',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information',
                                              'Credit Information']},
 'date_detected': '2017-01-12',
 'date_publicly_disclosed': '2017-05-08',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving Genpact International, Inc. on May 8, 2017. '
                'The breach occurred on January 12, 2017, when a data set '
                'containing personal and credit information was uploaded to a '
                'cloud server without adequate security measures, potentially '
                'affecting an unknown number of individuals.',
 'impact': {'data_compromised': True,
            'identity_theft_risk': True,
            'payment_information_risk': True,
            'systems_affected': ['Cloud Server']},
 'post_incident_analysis': {'root_causes': 'Inadequate security measures for '
                                           'cloud-uploaded sensitive data'},
 'references': [{'date_accessed': '2017-05-08',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulations_violated': ['Potential violation of '
                                                    'California Data Breach '
                                                    'Notification Law (Civil '
                                                    'Code § 1798.82)'],
                           'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'response': {'communication_strategy': 'Public Disclosure via California '
                                        'Office of the Attorney General'},
 'title': 'Genpact International, Inc. Data Breach (2017)',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Inadequate Security Measures'}