OYO to share customers data with state government

Hospitality firm Oyo will soon start using a digital record system in the form of an app and will share customers arrivals and departures data with the state governments in India.

The company’s South East Asia CEO Aditya Ghosh announced it during a CII conference in Kolkata. He said: “At this point, we have seen acceptance from the state governments of Haryana, Rajasthan, and Telangana of our proposed digitization of guest entry and departure records. The digital arrival and departure register aim to maintain a real-time record of guest entries and update the respective governments on who’s checking in and checking out, when presented with an information order for an investigation, making this a more secure, efficient and transparent process as compared to the manual version.”

After this, the company has faced the flank of everyone as it is not sure whether they would share the data with authorities in real time or not. While some of the data security experts see it as a breach of privacy.

However, the company has clarified that they will only share details with authorities in case an information order is furnished. “We share any limited information only when required by law and only when we are duty-bound or permitted to disclose personal information through orders or directions of government/regulatory bodies, law enforcement officials and court orders etc.”

 OYO has already started using the digital register in Jaipur and its pilot projects are running in the other two states.

Meanwhile, the company is aiming to become the biggest player in the hospitality sector, currently, they are at number three.

“We will have one million rooms inventory into our fold in the near distant future. I think it should happen in a year and a half,” Ghosh said.

Truecaller starts storing Indian user data locally

Sweden-headquartered phone directory app Truecaller announced on Wednesday that it is locally storing the Indian users’ data to ensure transparency and provide faster and more reliable services. The company becomes one of the first international technology companies to proactively take this step.
“Truecaller is one of the first international tech companies to proactively take the step of storing its Indian users’ data locally in India. This is a user-centric move that is aimed at safeguarding personal data and encouraging more transparency in the ecosystem,” Truecaller said in a statement.  With locally stored data, and significant investments in its Indian infrastructure, Truecaller has also doubled the search result speed for its core services like caller ID and spam detection, it added.

It said for the overseas part of the transaction, the data may be stored in a foreign country.
The draft of Personal Data Protection Bill, 2018 — drafted by a high-level panel headed by Justice B N Srikrishna — also restricts and imposes conditions on the cross-border transfer of personal data.
The central bank’s data localisation policy had elicited mixed response from the payment services industry.
The RBI, in April last year, had issued a circular instructing all payments system providers in the country to ensure that data relating to systems operated by them is stored only in India and had set a deadline of October 15, 2018. “All system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India. This data should include the full end-to-end transaction details/information collected/carried/processed as part of the message/payment instruction,” RBI said in its 6 April 2018 circular.

Truecaller pointed out that it was already storing payments data of its Indian users, who use its unified payment interface (UPI)-based payment service in India. 

PayPal Credentials Stolen Through Phishing Attacks

Recently an in-developed ransomware has been found that attempts to take the user’s PayPal credentials through a phishing attack notwithstanding encrypting files. The ransomware itself is ‘unremarkable’, yet the cleverest part is the ransom note as it offers a choice to the user to pay through PayPal just as the typical Bitcoin course.

Found by the MalwareHunterTeam, the trick offers criminals a one-two punch of advantages: Individuals who pay utilizing the internet’s payment technique will be coordinated to a persuading looking phishing website which will endeavor to take the unfortunate user’s PayPal credentials.

Be that as it may, in case of the PayPal phishing site choice when users tap on the “Buy Now” button, they are thusly directed to the Credit card part of the phish, in this way skirting the login.

What’s more, when the victim submits their data, it is sent to http://ppyc-ve0rf.890m.com/s2 [.]php, where personal data of the individual, for example, their address is stolen. The phishing page at that point tells the user that their account unlocked and they are diverted to the PayPal login page and incited to sign in.

Since ransomware is growing to be progressively advanced and for this situation, it’s much increasingly deadly joined with yet another attack vector i.e. phishing. Consequently it’s not constantly conceivable to abstain from being hit by ransomware, yet in the event that one is, some basic steps can help diminish its effect.

Jake Moore, cyber security expert at ESET says this phishing attempt “inherently uses classic techniques that have been used for years and can usually be overcome by educating users” later adds,  “Targets will always need to be on guard when sent to a link and it’s vital they actively check the URL – especially when the phishing site looks very genuine.”

In this manner the most reasonable activity is not to give away one’s personal details except if one is certain beyond a shadow of a doubt that the site is genuine. Also abstaining from tapping on any link or download or open a document except if the user is certain that it is from a ‘reliable source’.