India has witnessed numerous data breaches in recent years. In a recent one, the personal information of 81.5 crore Indians has reportedly been put up for sale on the dark web. According to News18, the sensitive data of citizens has been extracted from the Indian Council of Medical Research”s (ICMR) COVID-19 test records. It is suspected to be the biggest data leak case India has ever faced so far.
As per the report, this critical data breach was first noticed by an American cybersecurity and intelligence firm named Resecurity. The Central Bureau of Investigation (CBI) is expected to begin the investigation into this data breach once ICMR registers a complaint. The leaked information includes COVID-19 test data, names, phone numbers, addresses, and Aadhaar, as well as passport details of citizens. The report also reveals that the fraudsters advertised the database in the breached forum on the dark web and also shared spreadsheets containing the Aadhaar data to substantiate the claim. Notably, this sample data matches the original data from ICMR.
News18 reported that authorities have taken remedial measures and the required Standard Operating Procedure (SOP) has been initiated to minimize the damage from the breach. Earlier in November 2022, the All India Institute of Medical Sciences in New Delhi also reported a massive ransomware attack. The AIIMS server contains data on several high-profile people, including former Indian prime ministers, ministers, bureaucrats, and judges. After almost six days, officials managed to restore the data. There were also reports that at least 6,000 attempts to hack the server of the ICMR occurred on November 30. However, hackers failed to penetrate the servers.