Given how the intensity of cyberattacks has been increasing during the pandemic, it is not surprising that Indian companies have borne the brunt of it. In the absence of any common minimum standards, each company in India follows its parameters. While most attacks entail stealing account information and logins, the biggest one for 2021 happened at a cryptocurrency exchange, BuyUCoin, where KYC details of 325,000 Indian users were leaked. Two years ago, another cryptocurrency exchange, Binance, was part of another KYC leak and last year, yet another crypto platform, Digitex, had started an investigation, on the leak of KYC details of 8,000 users. While the usual response on data leaks is companies strengthening their servers and ensuring more data safety protocols, Digitex announced that they would stop KYC verification. KYC verification has been made mandatory for cryptocurrency platforms to make tracking money easier and avoid it being used for illegal means. Although none of the Indian banks have reported a leak, it is surprising most companies are not using the solution provided by the government and the government is not pushing for it either. Why do companies need to store data in the first place, when the whole idea of a DigiLocker was that users could share verified and government-issued documents and companies could confirm it online removing the hassle of printouts and attestations. More important, at the time, the government had envisaged that users could set a time limit for sharing data after which the company would not be able to confirm the details.