After 16 Billion Login Records Leak, India Orders Shift to New Government Email Domain

The420 Correspondent

New Delhi — In the wake of what cybersecurity experts are calling the largest data breach in history, the Government of India has ordered its ministries and departments to migrate from the long-used @nic.in email domain to a new, more secure platform: @mail.gov.in.

The World’s Largest Data Breach

The breach, disclosed in June 2025, exposed a staggering 16 billion login records, including email addresses, passwords, authentication tokens, and session cookies.
Among the affected were accounts tied to global giants such as Apple, Google, Facebook, Telegram, GitHub, X (formerly Twitter), and several VPN services.

While there is no direct evidence that Indian government accounts were compromised, officials said the risk was too great to ignore. “When it comes to national security, even the perception of vulnerability is unacceptable,” one senior official noted.

Zoho Steps In

The transition comes after Zoho, a Chennai-based IT firm, won the contract in late 2023 to manage the government’s email infrastructure.
The company is now facilitating the phased migration to @mail.gov.in, a domain officials say offers greater resilience and control over hosting and data protection.

A Phishing Attack Raises Alarm

The urgency of the move was underscored when a defense-related government email account fell victim to a phishing attempt shortly after news of the breach broke.

The malicious email contained a link capable of deploying malware if clicked.

Investigators said the attack was isolated and did not compromise sensitive data.

Still, the incident deepened concern within security circles, highlighting how even a single vulnerable account can serve as a gateway for broader intrusions.

CERT-In’s Warning

India’s Computer Emergency Response Team (CERT-In) issued an advisory in June, warning that the leaked credentials were already circulating on the dark web and could be weaponized.
Particular risks include:

  • Credential stuffing attacks, in which leaked passwords are reused to access other accounts.
  • Business email compromise, a costly form of fraud.
  • Ransomware campaigns targeting government and corporate networks.

CERT-In urged both institutions and individuals to immediately change passwords, enable multi-factor authentication, and remain vigilant against suspicious links.

Expert’s View: Professor Triveni Singh

Cybercrime expert and former IPS officer Professor Triveni Singh warned that the breach signals something far larger than a technical mishap:

“This is not just about stolen passwords — it is a global cyber warning. Hackers are no longer content with stealing data; they monetize it, weaponize it, and use it to undermine financial systems and even national security. In a country like India, where hundreds of millions depend on digital payments and e-governance, the risk is exponentially higher. The government has acted wisely and on time, but now citizens and institutions must treat cyber hygiene as a daily discipline.”

What It Means for Citizens

Experts say the implications extend beyond government corridors. India’s booming digital economy — from UPI transactions to online banking and e-governance — could be disrupted by even small breaches.

Practical steps recommended for citizens include:

  • Using unique passwords for every service.
  • Employing password managers.
  • Adopting passkeys or biometric authentication where possible.
  • Avoiding suspicious emails and links.
  • Regularly reviewing account security settings.

A Broader Security Question

The episode underscores a growing tension for countries like India: as digital dependence accelerates, so too does the risk of systemic failure. What was once seen as a matter of IT housekeeping is now recognized as a question of national resilience.

As Professor Singh put it, the breach is less about what was lost and more about what could yet be weaponized. “The battle for cybersecurity,” he said, “is no longer theoretical. It is here, and it is global.”