New Delhi, April 9 (IANS): As homegrown audio and wearable brand boAt started investigating a possible data breach involving its customer information, experts on Tuesday said that the users should be on the lookout for unsuspecting, uninitiated communications from the company or any other services related to the brand that seek additional information, such as password or two-factor authentication codes.

Several reports claimed that the cyber breach apparently compromised the data of over 7.5 million customers of boAt.

"The breach revealed that over 7.5 million customers' sensitive information, including names, emails, phone numbers, addresses, and customer IDs, has been compromised and is now circulating on the dark web," Maheswaran S, Country Manager South Asia, Varonis, told IANS.

"This trove of data presents a lucrative opportunity for cybercriminals to orchestrate targeted and sophisticated social engineering attacks," he added.

In the 2023 IBM Cost of a Data Breach report, the average cost of a data breach for organisations reached $4.45 million, while the average cost per record reached $165, a nominal increase from 2022, which saw the average cost per record reach $164.

According to Tenable's senior staff research engineer Satnam Narang, the more sensitive information present in stolen data, the higher asking price can be expected.

"In the case of the alleged boAt data breach, it’s been reported that it is being sold by the attacker for a little over a few $2 or around Rs 160," Narang said.

In addition, Harshil Doshi, Country Director, India & SAARC, Securonix, advised that affected users should change their account passwords, deploy two-factor authentication, stay alert for any social engineering attacks and look out for further updates from the company.

A boAt's Spokesperson said that the company is aware of recent data breach claims and "safeguarding customer data is our top priority."