Personal data of 81.5 crore Indian users leaked in possibly the largest data breach in Indian history
Sensitive information of 81.5 crore Indians has emerged on the dark web, potentially marking the biggest data breach in India’s history.
The information has been leaked from the Indian Council of Medical Research’s (ICMR) database. However, the epicentre of the leak is still unknown. The Central Bureau of Investigation (CBI) is investigating the leak, after the breach was brought to attention by ‘pwn0001’, a hacker who advertised the stolen information on the dark web.
As per the data shared by the hacker, the stolen information comprises Aadhaar and passport details, along with names, phone numbers and temporary and permanent addresses of millions of Indians. The hacker also claims that this data comes from the information ICMR collected during COVID-19 testing.
The initial discovery of the data breach was made by Resecurity, an American agency specialising in cybersecurity and intelligence. On October 9, ‘pwn0001’ disclosed details about the breach on Breach Forums, advertising the availability of 815 million records, including “Indian Citizen Aadhaar & Passport” data. For context, India’s total population is a little over 1.486 billion people.
Researchers discovered that among the leaked data, there were 100,000 files with personal details of Indian citizens. To check their accuracy, some of these records were confirmed using a government portal’s “Verify Aadhaar” feature, which authenticated the Aadhaar information.
The Computer Emergency Response Team of India (CERT-In) has also alerted ICMR about the breach. The COVID-19 test information is scattered across various government bodies like the National Informatics Centre (NIC), ICMR, and the Ministry of Health, making it challenging to identify where the breach originated.
At the time of writing the story, there was no response on the leak from the Ministry of Information and Technology or other concerned agencies online.
This isn’t the first time that a large medical institute in India has faced a breach. Earlier this year, cybercriminals hacked into AIIMS’ servers and took charge of more than 1TB of data at the institute, asking for a hefty ransom. This forced the hospital to switch to manual record keeping for 15 days, slowing down all the processes in an already-overcrowded institute. A few months before that, in December 2022, AIIMS Delhi’s data was hacked by the Chinese, who had demanded Rs 200 crore in cryptocurrency.