A recent report from the US-based cybersecurity firm Resecurity has revealed that the personally identifiable information of a staggering 815 million (81.5 crore) Indians has been exposed on the dark web, marking one of the largest data breaches in the history of the nation.
Sensitive data for sale online
The breach includes a wealth of sensitive data such as:
- Names
- Phone numbers
- Addresses
- Aadhaar numbers
- Passport information
All the data is available for purchase on illicit online platforms.
Breach Disclosure
According to Resecurity, the breach was disclosed by a threat actor identified as 'pwn0001' on Breach Forums. The actor claimed to possess access to 81.5 crore records, including both Aadhaar and passport details, a number nearly half of India's entire population of over 147.6 crore (1.486 billion) people.
A Staggering Offer
Investigators from Resecurity's HUNTER (HUMINT) unit established contact with the threat actor and found that they were willing to sell the entire Aadhaar and Indian passport database for a considerable sum of $80,000 (which is around Rs 66,60,760).
CBI Investigation Underway
In response to the enormous breach, the Central Bureau of Investigation (CBI) is actively conducting an investigation into the matter, following its initial discovery by the hacker known as "pwn0001."
Potential Source: ICMR Database
While not officially confirmed, there is speculation that the compromised data might have originated from the Indian Council of Medical Research (ICMR) database.
Hacker's claim
Another report suggests that an unidentified hacker proclaimed, "India Biggest Data Breach Unknown hackers have leaked the personal data of over 800 million Indians Of COVID 19. The leaked data includes Name, Father's name, Phone number, Other number, Passport number, Aadhaar number, Age."
Major Setback for the Indian Government's Digital Initiatives
The data breach is a major setback for the Indian government's digital initiatives, which aimed to digitize the economy and develop digital public infrastructure (DPI) centred on biometric identification numbers (Aadhaar), mobile numbers, and bank accounts for benefits transfer and private sector innovation.
ALSO READ Unmasking the SIM Swap Scam: Understanding scammers' tactics
Prior Breach concerns
This breach follows earlier concerns in June when the government launched an investigation into the alleged leak of personal data from vaccinated citizens, including VVIPs, via a Telegram messenger channel from the CoWin website.
Need for heightened data security measures
This significant data breach emphasizes the urgent need for heightened data security measures and highlights the challenges associated with personal data protection in the digital age.
ALSO READ Before You Buy: 6 Key Tips for Smart Festive Season Gadget Shopping
