A massive data breach has exposed the personal data of over 81.5 crore Indians on the dark web, in what could be the biggest data breach in India’s history. The data was leaked from the database of the Indian Council of Medical Research (ICMR), which collected the information during COVID-19 testing.
The leak was made by a hacker named ‘pwn0001’, who posted a thread on Breach Forums, offering to sell the entire dataset for $80,000 (over Rs 66 lakh). The data includes Aadhaar and passport details, names, phone numbers and addresses of millions of Indians.
The Central Bureau of Investigation (CBI) is probing the incident, after being alerted by a US-based cybersecurity and intelligence firm Resecurity, which found one of the leaked samples containing 100,000 records of personally identifiable information (PII) related to Indian residents. The firm verified some of the Aadhaar IDs using a government portal that provides a “Verify Aadhaar” feature. The hacker did not reveal how they obtained the data.
The Computer Emergency Response Team of India (CERT-In) has also informed ICMR about the breach. The COVID-19 test information is spread across various government entities such as the National Informatics Centre (NIC), ICMR, and the Ministry of Health, making it difficult to trace the source of the breach. As of now, there has been no official response from the Ministry of Information and Technology or other relevant agencies online.
This is not the first time that a major medical institution in India has been targeted by hackers. Earlier this year, hackers attacked AIIMS’ servers and encrypted more than 1TB of data at the institute, demanding a huge ransom. This disrupted the hospital’s online services and forced it to switch to manual record keeping for 15 days, affecting its efficiency and capacity.A few months before that in December 2022, AIIMS Delhi’s data was hacked by Chinese hackers, who asked for Rs 200 crore in cryptocurrency.
Also read:
