A massive data breach has exposed 81.5 crore Indians to privacy risks, with the Indian Council of Medical Research (ICMR) as the victim. The breach has raised concerns and may lead to a formal investigation by the Central Bureau of Investigation (CBI). A person named ‘pwn0001’ shared personal details like Aadhaar and passport info from ICMR’s Covid-19 records on the dark web.
ICMR’s data security is under scrutiny due to multiple cyber-attacks since February, with over 6,000 hacking attempts reported in the past year. Despite prior awareness of these vulnerabilities, sources suggest that recommended measures to prevent data leaks were inadequately implemented.
CERT-In, the government’s cybersecurity response team, alerted ICMR about the breach. Sample data for sale on the dark web matched ICMR’s records. The potential involvement of foreign actors has escalated concerns, leading to swift remedial actions and the deployment of necessary Standard Operating Procedures (SOPs) to prevent further damage.
The source of the breach remains unknown, with Covid-19 test data scattered across entities like the National Informatics Centre (NIC), ICMR and the Ministry of Health. Resecurity, an American cybersecurity agency, played a crucial role in exposing the breach when it identified ‘pwn0001,’ who advertised access to 815 million Indian citizen records on Breach Forums; that figure is a significant portion of India’s 1.486 billion population.
Resecurity confirmed that one of the leaked samples contained 100,000 records of Indian residents’ personally identifiable information, which was authenticated through a government portal’s “Verify Aadhaar” feature. Disturbingly, this incident is not an isolated case. Last year, All India Institute of Medical Sciences (AIIMS) faced a cyber-attack traced back to an IP address from a neighboring country.