Advertisement
New Delhi: In a major data breach, pivotal information of 815 million Indians has been up on the dark web for sale, according to a report by US-based cybersecurity firm. The report claims that the compromised data includes sensitive information such as Aadhaar and passport numbers, as well as names, phone numbers, and addresses. This suspected breach, if confirmed, would be the largest of its kind in India’s history.
A cybersecurity and intelligence company based in the United States discovered the leak on October 9. On the breach forum, a threat actor going by the alias “pwn0001” was found to be providing access to these records. Given the scope of the incident, concerns are being raised over security protocols to protect citizens’ personal information.
The alleged breach involved a database of the Indian Council of Medical Research (ICMR), a key body leading health-related studies in the country. As per the data shared by the hacker, the stolen information comprises Aadhaar and passport details, along with names, phone numbers and temporary and permanent addresses of millions of Indians. The hacker also claims that this data comes from the information ICMR collected during COVID-19 testing.
A hacker on X has also informed, “India Biggest Data Breach Unknown hackers have leaked the personal data of over 800 million Indians Of COVID 19. The leaked data includes: Name, Father’s name, Phone number, Other number, Passport number, Aadhaar number, Age”.
⚠️ India Biggest Data Breach
Unknown hackers have leaked the personal data of over 800 million Indians Of COVID 19.
The leaked data includes:
* Name
* Father's name
* Phone number
* Other number
* Passport number
* Aadhaar number
* Age#DataBreach #dataleak #CyberSecurity pic.twitter.com/lUaJS9ZPDr— Shivam Kumar Singh (@MrRajputHacker) October 30, 2023
Researchers found that among the exposed data, there were 100,000 files with personal details of Indian citizens. To check their accuracy, some of these records were confirmed using a government portal’s “Verify Aadhaar” feature, which authenticated the Aadhaar information.
The Computer Emergency Response Team of India (CERT-In) has also alerted ICMR about the breach, according to a report by sources. The COVID-19 test information is scattered across various government bodies like the National Informatics Centre (NIC), ICMR, and the Ministry of Health, making it challenging to identify where the breach originated.
The Central Bureau of Investigation (CBI) is expected to probe the matter once the ICMR files a complaint. Meanwhile, data breaches and privacy issues have become a common problem and all the major tech companies including Google are working on several improvements to help consumers avoid data breaches.
In conclusion, this breach of personal data of over 81.5 crore Indian citizens is a powerful reminder of the data privacy and cybersecurity challenges that India faces. This underscores the need for stronger cyber security measures, accountability and proactive steps to prevent similar breaches in the future.
