Apr 9, 2026

Nasscom’s Data Security Council Appoints Neelam Dhawan as Chairperson

Nasscom’s Data Security Council appoints Neelam Dhawan as Chairperson, marking a strategic move to strengthen India’s cybersecurity and data protection ecosystem with experienced leadership.

The Data Security Council of India (DSCI), an initiative of Nasscom, has appointed Neelam Dhawan as its Chairperson, effective 1 April 2026. She succeeds Promod Bhasin, who held the position from April 2023 to March 2026. Dhawan joined the DSCI board in December 2025 and brings extensive board-level experience, currently serving on the boards of Tech Mahindra, Hindustan Unilever, Fractal Analytics and Capita PLC. She also chairs Ather Energy and Capillary Technologies.

In her statement, Dhawan noted that cybersecurity has become both a strategic priority and a business enabler. She highlighted the growing risks posed by AI-enabled threats and quantum computing. The council stated that it will continue to work closely with industry and government stakeholders to strengthen cybersecurity and data privacy standards across India.

This appointment is viewed as a significant step toward strengthening leadership in India’s evolving digital security ecosystem.

📰 MINI HEADLINES

Dutch Finance Ministry Systems Taken Offline Following Data Breach

The Dutch Ministry of Finance disclosed a data breach on 19 March 2026 that affected certain employee data. From 23 March 2026, specific systems were taken offline as a precautionary measure, temporarily preventing approximately 1,600 institutions from viewing account balances or submitting online loan applications through the ministry’s portal. Core systems for tax collection, subsidies and import/export regulation remained unaffected. The incident is under active investigation, and no threat group has claimed responsibility.

Data Breach

EDPB and EDPS Issue Joint Opinion on Revised EU Cybersecurity Act

The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued Joint Opinion 4/2026 on 31 March 2026 concerning the European Commission’s proposed amendments to the EU Cybersecurity Act within the Digital Omnibus Package. The Opinion stresses the need to embed data protection requirements directly into certification processes, signalling a growing convergence between cybersecurity and privacy governance across the European Union.

EU Cybersecurity

North Korea Targets Axios in Sophisticated Supply Chain Attack: 100 Million Weekly Downloads at Risk

Google’s Threat Intelligence Group attributed a sophisticated supply chain attack on Axios, a widely used JavaScript HTTP client library, to the North Korean advanced persistent threat group UNC1069. The library is downloaded about 100 million times per week through the NPM package registry and runs in the background of many web applications, banking platforms, and enterprise services.

The attackers compromised Axios’s maintainer’s personal NPM account by changing the registered email address and locking the legitimate owner out. They introduced a malicious dependency in two successive releases. The operation bypassed the project’s GitHub Actions pipeline by using the npm command-line interface to avoid automated security checks. Separate malware payloads targeted Windows, macOS, and Linux, showing significant planning and resources. The malicious code has since been removed from the registry.