Date: 2023-11-01
Personal Data of 81.5 Million Indians Leaked Following ICMR Data Breach

Krishi Chowdhary

Personal details of 81.5 million Indian citizens have been put on sale on the dark web after hackers stole the information from the Indian Council of Medical Research (ICMR).

This could potentially be the largest data breach in the country’s history so far and is suspected to have been carried out by foreign threat actors.

The massive data breach came to light when a threat actor going by the pseudonym ‘pwn0001’ put the stolen database on sale on Breach Forums on the dark web. One of the leaked samples was found to include 100,000 records of personally identifiable information on Indian citizens.

The Severity of the Data Breach

According to Resecurity, the US-based cybersecurity and intelligence firm that first noticed the data breach, the user named ‘pwn0001’ posted a thread on the Breach Forums advertising the stolen data.

When some of the leaked samples were cross-verified using the “Verify Aadhaar” feature on an Indian government portal, the stolen Aadhaar credentials were found to be authentic.

The threat actor reportedly brokered access to 815 million “Indian Citizen Aadhaar and Passport” records. The sheer volume of the compromised data exceeds the country’s entire population, which is well over 1.4 billion.

When contacted by analysts, ‘pwn0001’ revealed that they were willing to sell the entire dataset for a hefty price of $80,000. The leaked information includes a variety of sensitive, personally identifiable information (PII), including names, phone numbers, and addresses.

The threat actor ‘pwn0001’ refused to specify how they managed to obtain the data. However, they did reveal that the massive dataset was stolen from the COVID-19 testing records that ICMR collected.

The dataset has been shared with multiple government entities, including the Ministry of Health, the National Informatics Centre (NIC), and ICMR. This makes it even more difficult to ascertain the epicenter of the breach – one of its most concerning aspects.

Remedial Measures Already in Place

Remedial measures are already underway, with several ministries and agencies mobilized to investigate the breach thoroughly and address the crisis urgently. The breach has drawn attention from the highest echelons of the Indian government, and Standard Operating Measures to mitigate any further damage have already been deployed.

The ICMR has been a constant target for cybercriminals since February, with more than 6,000 attempted attacks recorded over the last year.

The persistent threats were no secret to the council and central agencies, which had been urging the ICMR to strengthen its security to prevent a data leak.

The severity of the breach prompted the Computer Emergency Response Team of India (CERT-In) to get involved. CERT-In then informed ICMR of the breach, following which sample data from the leaked dataset was verified against actual ICMR data and found to be a match.

Neither the Ministry of Information and Technology nor other relevant government agencies had shared an official response at the time this incident was reported.

However, this is in no way the first time a major medical institution in India has faced a cyber-security breach. Cybercriminals infiltrated AIIMS’ servers earlier this year, gaining control over more than 1TB of data on which they demanded a hefty ransom.

