In the biggest data leak case in India to date, details of 81.5 crore Indians have been leaked from the Indian Council of Medical Research (ICMR). The data, which includes Aadhaar and passport information, names, phone numbers, and addresses, is being sold on the dark web.
The Central Bureau of Investigation (CBI) is likely to probe the matter once ICMR files a complaint. ICMR has been facing multiple cyber-attacks since February, and central agencies had warned the council to take remedial action to avert a data leak.
The leak was first reported by American cybersecurity and intelligence agency Resecurity, which said that a threat actor going by the alias ‘pwn0001’ posted a thread on Breach Forums on October 9, brokering access to 815 million “Indian Citizen Aadhaar & Passport” records. Pwn0001 shared spreadsheets containing four large leak samples with fragments of Aadhaar data as proof.
This is not the first time that India’s health system has been targeted by hackers. Last year, AIIMS faced a cyber-attack that triggered changes in various systems. Agencies had found that the attack had links to “one of India’s neighbouring countries”.