In what is being described as the largest data breach in India’s history, personal details of 81.5 crore Indians have been leaked and surfaced on the dark web. The data was allegedly sourced from the Indian Council of Medical Research (ICMR).
ICMR is the apex body for biomedical research in India. It plays a vital role in public health research and development, and its data is critical to the country’s efforts to combat diseases and improve healthcare.
The Breach
The breach was first noticed by Resecurity, an American cybersecurity and intelligence agency. The firm mentioned that “On October 9, 2023, a hacker with the alias ‘pwn001’ posted a thread on the dark web forum – a platform that describes itself as a ‘premier Databreach discussion and leaks forum’ – claiming to have access to a database containing the personal information of over 815 million Indians.”
In addition, analysts found a leaked sample that contained 100,000 records of personally identifiable information (PII) pertaining to Indian citizens.
The leaked data includes Aadhaar and passport information, alongside names, phone numbers, and addresses. The hacker claimed that this information was extracted from the Covid-19 test details of citizens registered with ICMR.
As proof, ‘pwn001’ posted spreadsheets with four large leak samples containing fragments of Aadhaar data. Upon analysis, these were identified as valid Aadhaar card IDs.
The Response
The ICMR has denied that it was hacked, but it has admitted that it was aware of the data breach and was investigating the matter. The Computer Emergency Response Team of India (CERT-In) has also alerted ICMR about the breach.
While there is no official response from the government yet, it is reported that the Central Bureau of Investigation (CBI) is likely to probe the matter once it receives a complaint from ICMR. All top officials from various agencies, as well as ministries, have been roped in. To control the damage, the required Standard Operating Procedure (SOP) has been deployed.
The data breach is a major blow to India’s efforts to protect its citizens’ privacy. Aadhaar is India’s national identity database and it is used for a variety of purposes, including government services, banking, and telecom. The fact that Aadhaar details have been compromised could have serious consequences for millions of Indians.
ICMR’s History of Data Breaches: A Cause for Concern?
This is not the first time that ICMR has encountered cyber-attack attempts. Since February, there have been numerous attempts to breach ICMR servers. Last year alone, there were over 6,000 attempts to breach ICMR servers.