Personal data of 815 million Indians leaked online – media
The personal details of 815 million Indians were recently put up for sale on a dark web forum, Indian media reported on Monday.
The leak was revealed by US-based cybersecurity firm Resecurity, which reported the breach earlier this month.
According to the company, the stolen data includes Aadhaars (individual identification numbers that serve as proof of identity in India) and passport details, names, phone numbers, and both temporary and permanent addresses of millions of Indian citizens.
The data was listed for sale by a hacker using the alias ‘pwn0001,’ in a thread on Breach Forums, offering access to 815 million “Indian Citizen Aadhaar & Passport” records on October 9, Resecurity said. The company’s investigation unit, HUNTER, contacted the seller, who reportedly said he would sell the entire dataset for $80,000.
While the cybersecurity firm’s report noted that pwn0001 declined to specify how they obtained the data, without which “any effort to diagnose the cause of the beach will be speculative,” a report by News18 claimed that the compromised data might be from the database of the Indian Council of Medical Research (ICMR) – the country’s top body for the formulation, coordination, and promotion of biomedical research.
The report further noted that “top officials” of different agencies and ministries have been alerted to the sensitive matter. India’s Central Bureau of Investigation (CBI) will likely launch an investigation.
On Tuesday, the Times of India reported that the Indian government is probing the data leaks and has not ruled out a “detailed probe” if it finds “sufficient evidence” in the claims. According to the newspaper, the ICMR and India’s Health Ministry have refused to confirm or deny the breach.
This would not be the first time that cybercriminals have targeted the ICMR. Last year alone, hackers tried to break into the ICMR servers 6,000 times, according to News18. The outlet, citing sources familiar with the matter, said Indian agencies had previously urged the ICMR to take precautionary measures to avert potential data leaks.