In a staggering data breach, personal information of more than 81.5 crore Indians, reportedly acquired from the Indian Council of Medical Research (ICMR), has been exposed online. This breach is considered one of the largest and most alarming in India’s history, raising critical concerns about the privacy and security of citizens’ sensitive data.
The breach was initially discovered by Resecurity, an American cybersecurity and intelligence agency, which identified a ‘threat actor’ operating under the alias ‘pwn001’. This actor posted details of the breach on Breach Forums, a self-described “premier Databreach discussion and leaks forum,” allowing access to the records of a staggering 81.5 crore Indians.
To put the scale of this breach in perspective, it’s nearly ten times the population of countries like Iran, Turkey, and Germany, ranking as the 17th, 18th, and 19th most populous nations in the world. India, as the world’s most populous nation with 1.43 billion citizens, is grappling with a data leak of unprecedented magnitude.
The information that has been leaked includes Aadhaar and passport details, as well as names, phone numbers, and addresses. The hacker ‘pwn001’ claims to have obtained this data from the Covid-19 test records of individuals registered with ICMR. As evidence of the breach, ‘pwn001’ posted spreadsheets containing fragments of Aadhaar data, which, upon analysis, were confirmed as valid Aadhaar card IDs.
While there has been no official response from ICMR or the government regarding this colossal breach, it is anticipated that the Central Bureau of Investigation (CBI) will initiate an investigation once a formal complaint is filed by ICMR. To address the fallout from this massive data leak, top officials from various agencies and ministries have been summoned to tackle the situation, and a Standard Operating Procedure (SOP) has been deployed to mitigate the damage.
The breach underscores the pressing need for stricter data protection and cybersecurity measures in India, given the country’s growing reliance on digital services and the vulnerability of sensitive personal information. It is imperative that swift action is taken to investigate the breach, hold those responsible accountable, and reinforce the nation’s cybersecurity infrastructure to prevent such incidents in the future. This incident serves as a stark reminder of the ever-present threat to individuals’ data security in the digital age.
Sources By Agencies