In response to the largest global data breach in history, the Indian government has directed all ministries and departments to transition their official email accounts from the @nic.in domain to the newly established @mail.gov.in platform. This precautionary measure aims to bolster cybersecurity and safeguard sensitive government communications.
The breach, disclosed in June 2025, compromised approximately 16 billion login credentials, including email addresses, passwords, and authentication tokens. While there is no evidence that Indian government email accounts were directly affected, officials emphasize the need to mitigate potential risks. A senior government source noted, “When it comes to national security, even the perception of vulnerability is unacceptable.”
The Ministry of Electronics and Information Technology (MeitY) has collaborated with Chennai-based IT firm Zoho, which secured the contract in late 2023 to manage the government’s email infrastructure. Zoho is facilitating the phased migration to the @mail.gov.in domain, offering enhanced resilience and control over hosting and data protection. This transition is part of a broader strategy to strengthen the security of government communications and ensure compliance with updated cybersecurity policies.
The Computer Emergency Response Team of India (CERT-In) issued an advisory in June 2025, alerting users to the exposure of credentials linked to platforms such as Apple, Google, Facebook, GitHub, Telegram, and several VPN services. The leaked dataset, reportedly circulating on the dark web, contains usernames, passwords, authentication tokens, session cookies, and associated metadata. Although no confirmed breaches of government email IDs have been reported, the advisory underscores the importance of proactive security measures.
The government’s decision to migrate to the @mail.gov.in domain reflects a commitment to enhancing cybersecurity and protecting sensitive information. By consolidating email services under a government-managed platform, officials aim to maintain control over data, authentication, encryption, and threat response. This initiative is expected to improve the resilience of government communications and reduce the risk of cyber threats.
As the migration progresses, government employees are encouraged to adhere to the new email policy and utilize the updated platform for all official communications. The shift to @mail.gov.in represents a significant step toward strengthening India’s cybersecurity infrastructure and safeguarding the integrity of government operations.
