In a significant and potentially the largest data breach in India's history, sensitive personal data of 815 million Indian citizens has been exposed and found on the dark web.
The leaked information reportedly originates from the database of the Indian Council of Medical Research (ICMR), although the exact source of the breach remains shrouded in mystery.
The breach, which has sent shockwaves throughout the nation, has brought the Central Bureau of Investigation (CBI) into action, as it seeks to uncover the epicenter of this massive data leak. It was 'pwn0001,' an unidentified hacker, who first advertised the stolen information on the dark web, drawing immediate attention to the breach.
According to the hacker's claims, the compromised data includes Aadhaar and passport details, along with names, phone numbers, and both temporary and permanent addresses of millions of Indians. Remarkably, this data is said to have been collected by ICMR during COVID-19 testing, adding an alarming dimension to the breach.
Hacker reveals stolen data on Dark Web
The initial discovery of this staggering data breach was made by Resecurity, an American agency specializing in cybersecurity and intelligence. 'pwn0001' disclosed details about the breach on Breach Forums on October 9, proudly announcing the availability of a mind-boggling 815 million records, including "Indian Citizen Aadhaar & Passport" data. To verify the accuracy of the leaked records, researchers turned to the government portal's "Verify Aadhaar" feature, which successfully authenticated the Aadhaar information.
The Computer Emergency Response Team of India (CERT-In) has also alerted ICMR about the breach, indicating the gravity of the situation.
Pinpointing the breach's exact source is made harder because COVID-19 test information is scattered across various government bodies, including the National Informatics Centre (NIC), ICMR, and the Ministry of Health.
At the time of reporting, there has been no official response to the breach from the Ministry of Information and Technology or other concerned agencies, leaving millions of Indian citizens concerned about the security of their personal information.
Govt agencies scramble to trace origins
This alarming data breach is not an isolated incident in India's recent history. Earlier this year, cybercriminals targeted the All India Institute of Medical Sciences (AIIMS), compromising over 1 terabyte of data and demanding a substantial ransom.
This incident forced the hospital to resort to manual record-keeping for 15 days, further straining an already overburdened institution. In a separate incident in December 2022, AIIMS Delhi's data was hacked by an entity believed to be of Chinese origin, with a demand for Rs 200 crore in cryptocurrency.
The breach at ICMR serves as a stark reminder of the urgent need for heightened cybersecurity measures and vigilance to safeguard the sensitive information of Indian citizens. As investigations unfold, the nation watches with bated breath, hoping for swift and effective action to protect its citizens' data.