Sensitive personal data of 81.5 crore Indians has been exposed on the dark web, potentially marking India’s largest data breach.
A hacker named ‘pwn0001’ disclosed this information, which is believed to originate from personal data collected by the Indian Council of Medical Research (ICMR) during COVID-19 testing.
The initial discovery of the data breach was made by Resecurity, an American agency specializing in cybersecurity and intelligence. On October 9, ‘pwn0001’ disclosed details about the breach on Breach Forums, advertising the availability of 815 million records, including “Indian Citizen Aadhaar & Passport” data. For context, India’s total population is a little over 1.486 billion people.
The breach includes Aadhaar and passport details, names, phone numbers, and addresses. The Central Bureau of Investigation (CBI) is investigating, but the breach’s origin remains uncertain.
The Computer Emergency Response Team of India (CERT-In) has alerted ICMR. The data is spread across government bodies, making it challenging to trace.
This incident follows previous cyberattacks on Indian medical institutes, including AIIMS.