Virtual private network (VPN) service providers and other intermediaries have been instructed by the ministry of electronics and information technology to quickly ban access to websites that are disclosing personal information about Indians.
The instruction was first posted on LinkedIn on Thursday by a ministry official, who flagged websites like proxyearth.org and leakdata.org for allegedly disclosing names, addresses, mobile numbers, and other information without permission. A senior government official attested to the directive's legitimacy.
Users could obtain information such as full name, address, alternate numbers, and email addresses by entering any Indian cellphone number on the banned websites.
The government cautioned that because these platforms allow the public to access individuals' personal information without their consent, they represent a serious risk to Indian users.

It further stated that these websites can still be accessible via VPN services, so their providers' intervention is crucial.
The Indian Computer Emergency Response Team released guidelines in 2022 mandating that VPNs, cloud service providers, and VPS operators gather and retain validated user data for five years, even when a service is ended.
In order to get around the data-retention requirement, major VPN providers like Proton VPN, ExpressVPN, NordVPN, and Surfshark later moved their physical servers out of India.

It also stated that these websites might still be accessible via VPN services, thus their providers' intervention is crucial.
The Indian Computer Emergency Response Team announced guidelines in 2022 mandating that VPNs, cloud service providers, and VPS operators gather and retain validated user data for five years, even when a service is terminated.
In order to evade the data-retention requirement, major VPN providers like Proton VPN, ExpressVPN, NordVPN, and Surfshark later moved their physical servers out of India.

Intermediaries are reminded of their responsibilities under the Information Technology Act, 2000 and the Information Technology Rules, 2021 by the new electronics and information technology ministry directive. One of these responsibilities is to take "immediate and effective action" to prevent the hosting or sharing of illegal or privacy-violating content on their platforms. Companies may lose their safe-harbor protections under Section 79 of the Act and face legal action under both the Act and the Bharatiya Nyaya Sanhita if they don't comply.
The ministry emphasised that VPN services and intermediaries must take reasonable steps to prevent access to such websites, citing the gravity of the situation. The directive reaffirmed the requirement that intermediaries give law enforcement and cybersecurity authorities information or support within the allotted time constraints.

This year, Zoomcar, a self-drive car rental company, revealed a data breach that affected over 8.4 million members. Over 1.8 million users' data was compromised in the ADDA app. A hack affected the recruitment and research systems of the Indian Council of Agricultural Research.

4.5 million passengers were impacted by an Air India hack in 2021. Customer order histories and contact information were made public by the 2021 Domino India hack.