In a startling revelation, India finds itself embroiled in what experts are calling one of the most significant data breaches in its history. This massive breach, involving the sensitive personal information of over 81.5 crore individuals, is believed to have been sourced from the Indian Council of Medical Research (ICMR), as reported by News18.
This unsettling breach was first brought to light by Resecurity, a prominent American cybersecurity and intelligence agency. According to Resecurity, a mysterious ‘threat actor’ operating under the alias ‘pwn001’ initiated this alarming development. ‘Pwn001’ posted a thread on Breach Forums, which is recognized as a preeminent platform for discussions and leaks related to data breaches. This thread effectively granted access to records encompassing an astonishing 815 million (81.5 crore) Indian citizens.
To put this staggering figure into perspective, this data breach encompasses nearly ten times the population of countries such as Iran, Turkey, and Germany, which are ranked as the 17th, 18th, and 19th most populous nations worldwide, respectively. In contrast, India stands as the world’s most densely populated country, with approximately 1.43 billion inhabitants.
The information disclosed includes, but is not limited to, Aadhaar and passport details, in addition to names, phone numbers, and addresses. The hacker, ‘pwn001,’ claims to have extracted these details from the Covid-19 test records of individuals registered with the ICMR.
As evidence of this security lapse, ‘pwn001’ has shared several spreadsheets featuring segments of Aadhaar data. Upon meticulous examination, these fragments have been identified as legitimate Aadhaar card IDs.
While official responses from ICMR or the government are yet to be issued, the report suggests that the Central Bureau of Investigation (CBI) is poised to initiate an investigation once it formally receives a complaint from the ICMR. Additionally, high-ranking officials from various governmental agencies and ministries have been mobilized to address this crisis. Stringent Standard Operating Procedures (SOPs) have been enforced to mitigate the fallout from this monumental breach.