On the evening of June 11, a journalist from a Kerala-based news portal uncovered information that has the potential to change the course of data privacy in India forever: a Telegram channel called ‘hak4learn’ was offering access to the private data of millions of people in India, including their name, passport and date of birth. The data appears to have come from India’s vaccination tracking app, which has over 1 billion registered users. The sheer scale of the breach makes it difficult to determine the exact repercussions, but reports of local news outlets using the database to access the personal information of politicians have already begun to surface. Interestingly, the health ministry continues to flat-out deny allegations of a breach, possibly to save face in the wake of mass public outrage. Even though the bot has since been deactivated, the data is likely already being circulated on numerous dark web servers that are difficult, if not impossible, to trace.
Indeed, India’s digital infrastructure has expanded massively over the past few years, with the growing popularity of the Aadhaar identity system, the proliferation of the digital payments system Unified Payments Interface, and the launch of CoWIN. Unfortunately, cybersecurity and legal frameworks have not kept up with the pace of this growth. Data breaches associated with government entities are particularly large, meaning that there is an imminent need for stricter data security standards for public institutions. What is most concerning, however, is that India currently doesn’t have a comprehensive cybersecurity policy at all; any existing data protection frameworks conveniently overlook the compensation that affected users might expect to receive in the event of a breach like this one.
Some speculate that, instead of having access to the entire CoWIN database, the hackers may have gotten hold of multiple credentials from health workers, allowing them relatively more limited access to records. But the bottom line is that if India wants to step up to its role as one of the most powerful tech forces in the world, its policymakers must make it a priority to invest in the appropriate infrastructure and cybersecurity regulation.