In what may be the worst data breach in Indian history, 81.5 crore consumers' personal information was exposed


In what could potentially be considered one of the most significant data breaches in the history of India, sensitive personal information belonging to 81.5 crore Indian individuals has been exposed and made available on the dark web. This extensive data leak has been sourced from the database of the Indian Council of Medical Research (ICMR), although the exact origin of this security breach remains shrouded in mystery.

This alarming revelation has prompted the Central Bureau of Investigation (CBI) to launch an investigation into the incident after it was initially brought to their attention by a hacker known as 'pwn0001.' This individual, operating within the realm of the dark web, openly advertised the stolen data, which is said to encompass crucial details such as Aadhaar and passport particulars, as well as the names, phone numbers, and both temporary and permanent addresses of millions of Indian citizens. The hacker also claims that this data can be traced back to information collected by the ICMR during the COVID-19 testing phase.

It is noteworthy that the initial discovery of this data breach was made by Security, a cybersecurity and intelligence agency based in the United States. On October 9, 'pwn0001' disseminated detailed information regarding this breach on Breach Forums, announcing the availability of a staggering 815 million records, which include data related to "Indian Citizen Aadhaar & Passport." For context, India's total population exceeds 1.486 billion people.

Subsequent research efforts have unveiled that within this trove of leaked data, there are approximately 100,000 files containing the personal information of Indian citizens. To validate the accuracy of these records, some were cross-referenced using the "Verify Aadhaar" feature on a government portal, which successfully authenticated the Aadhaar information.

In response to this concerning breach, the Computer Emergency Response Team of India (CERT-In) has alerted the ICMR regarding the situation. It is worth noting that the COVID-19 test data involved in this breach is scattered across various government entities, including the National Informatics Centre (NIC), ICMR, and the Ministry of Health, making it considerably challenging to pinpoint the exact source of the breach.

As of the time of writing this report, there has been no official response to the breach from the Ministry of Information and Technology or any other relevant authorities online.

It is important to underscore that this is not the first instance of a major medical institution in India falling victim to a security breach. Earlier in the year, cybercriminals infiltrated the servers of the All India Institute of Medical Sciences (AIIMS), gaining control of over 1 terabyte of data and demanding a substantial ransom. This incident forced the hospital to resort to manual record-keeping for a period of 15 days, thereby further complicating an already overburdened institution. Just a few months prior to this, in December 2022, AIIMS Delhi's data was targeted by Chinese hackers, who demanded a ransom of Rs 200 crore in cryptocurrency.

 
