Reports have surfaced indicating that the sensitive information of approximately 815 million (81.5 crore) Indians has appeared on the dark web, possibly representing one of the most extensive data breaches in India's history.
The compromised data purportedly originates from the Indian Council of Medical Research’s (ICMR) database, although the specific source of the leak remains undisclosed. The Central Bureau of Investigation (CBI) has initiated an investigation into this breach following its disclosure by an individual known as 'pwn0001', a hacker who publicized the stolen information on the dark web.
The leaked data allegedly includes Aadhaar and passport details, along with individuals' names, phone numbers, and both temporary and permanent addresses. According to the hacker, this data is said to have been collected during COVID-19 testing conducted by the ICMR.
Initial awareness of this breach was brought to light by Resecurity, an American cybersecurity and intelligence agency. 'pwn0001' unveiled specifics about the breach on Breach Forums on October 9, advertising the availability of 815 million records, encompassing "Indian Citizen Aadhaar & Passport" data.
For reference, India's total population slightly exceeds 1.486 billion people. Investigation confirmed that the leaked data included approximately 100,000 files containing personal details of Indian citizens. Some of these records were verified for accuracy using the "Verify Aadhaar" feature on a government portal.
The Computer Emergency Response Team of India (CERT-In) has alerted the ICMR about the breach. The information obtained from COVID-19 tests is spread across various government entities such as the National Informatics Centre (NIC), ICMR, and the Ministry of Health, making it challenging to pinpoint the exact source of the breach.
At the time of preparing this report, no official response to the breach had been published online by the Ministry of Information and Technology or other relevant agencies.
This incident is not the first security breach faced by a major medical institution in India. Earlier in the year, cybercriminals infiltrated AIIMS’ servers, gaining control of over 1TB of data, and subsequently demanding a substantial ransom. This incident led the hospital to resort to manual record-keeping for 15 days, causing delays in an already overwhelmed institute.