Massive data breach exposes 81.5 crore Indians' details: ICMR data allegedly on sale, CBI probe expected
Unprecedented data breach in India as 81.5 crore citizens' personal details, including Aadhaar and passport information, are allegedly for sale, prompting a possible CBI investigation into the ICMR's security measures.
In what is suspected to be the largest data leak case in India's history, the details of 81.5 crore Indians associated with the Indian Council of Medical Research (ICMR) are reportedly up for sale. According to a News18 report, the Central Bureau of Investigation (CBI), India's premier investigative agency, is expected to launch an inquiry into the matter once ICMR files a formal complaint.
The report noted that the data breach was brought to light when a 'threat actor' using the pseudonym 'X,' who was previously active on Twitter, advertised the compromised database on a dark web forum. This database reportedly contains records of 81.5 crore Indian citizens, including sensitive information such as Aadhaar and passport details, names, phone numbers, and addresses. The 'threat actor' claimed that the data was extracted from the Covid-19 test records of Indian citizens and was sourced from ICMR.
Since February, the ICMR has encountered numerous cyber-attack attempts, with over 6,000 incidents reported last year. Both central agencies and the council were cognizant of these threats, urging ICMR to implement corrective measures to prevent potential data breaches, according to the report, quoting inside sources.
CERT-In has reportedly alerted ICMR about the breach, with the sample data on sale matching the genuine data from ICMR, prompting the involvement of various agencies.
Given the gravity of the situation, the report further stated that high-ranking officials from different agencies and ministries have been mobilized to address the issue. As foreign actors are suspected to be behind the breach, a thorough investigation by a top-tier agency is deemed essential. Remedial actions have reportedly already been initiated, and the necessary Standard Operating Procedures (SoP) have been put into place to mitigate the damage.
The report, quoting sources, highlighted that the origin of the leak has yet to be pinpointed, as portions of Covid-19 test data are shared among the National Informatics Centre (NIC), ICMR, and the Ministry of Health.
As per the American cybersecurity and intelligence agency Resecurity, the initial detection of the leak occurred when a threat actor known as 'pwn0001' reportedly shared a post on Breach Forums on October 9, offering access to 815 million records containing "Indian Citizen Aadhaar & Passport" details. To put the affected population in context, India's total population stands slightly over 1.486 billion people.
The News18 report noted that Pwn0001 distributed spreadsheets comprising four substantial leak samples, including segments of Aadhaar data, as evidence. Resecurity reportedly highlighted that one of these leaked samples encompassed 100,000 records of Personally Identifiable Information (PII) associated with Indian residents. Through this leaked sample, analysts at HUNTER confirmed the existence of valid Aadhaar Card IDs, corroborated using a government portal equipped with a "Verify Aadhaar" feature, enabling the authentication of Aadhaar credentials.
Instances of India's health system being a target for hackers have been observed previously.
In the preceding year, AIIMS encountered a cyber-attack leading to alterations in multiple systems. Reports by News18 indicated that the attack was associated with "one of India’s neighboring countries," as investigative agencies traced the origin of an IP address to that location.
The issues commenced on November 23, causing server disruptions that impacted the outpatient department (OPD) and sample collection services at AIIMS. Following this incident, AIIMS had to resort to restarting its OPD services via online booking after a few days.