In what could potentially be the largest data breach in India’s history, sensitive details of 81.5 million Indians have surfaced on the dark web as per reports. One of the most concerning aspects of this breach is that the epicenter of the leakage has not been pinpointed. The ICMR has been under cyber-attacks since February, with over 6,000 attempted breaches recorded last year. 

This alarming development has prompted India’s investigative agency, the Central Bureau of Investigation (CBI), to prepare for a thorough probe into the incident, pending an official complaint from the Indian Council of Medical Research (ICMR).

The breach was brought to public attention when a ‘threat actor’ using the pseudonym ‘pwn0001’ advertised the stolen database on a breached forum in the dark web. The compromised information includes Aadhaar and passport details, along with names, phone numbers, and addresses. According to the ‘threat actor,’ this extensive dataset was obtained from the Covid-19 testing records collected by ICMR.

Central agencies and the council were aware of the continuous threats and had urged the ICMR to strengthen its cybersecurity measures to prevent any data leaks.

The seriousness of this incident prompted the involvement of the Computer Emergency Response Team of India (CERT-In), which notified the ICMR about the breach. The verification of sample data for sale matched with the actual data from ICMR, triggering an immediate response from relevant government agencies.

As the breach is suspected to involve foreign actors, the case has gained significant attention at the highest levels of government. Multiple agencies and ministries have been mobilized to address the crisis and investigate the breach thoroughly. Remedial measures are already in place, and Standard Operating Procedures have been deployed to mitigate further damage.

The Covid-19 test data in question is dispersed among several government entities, including the National Informatics Centre (NIC), ICMR, and the Ministry of Health, making it difficult to trace the source of the breach.

The American cyber security and intelligence agency Resecurity was the first to identify the data leak. ‘pwn0001’ posted information about the breach on Breach Forums on October 9, offering access to 815 million “Indian Citizen Aadhaar & Passport” records. To provide perspective, this volume of compromised data exceeds the entire population of India, which stands at just over 1.486 billion people.

Analysts found that one of the leaked samples contained 100,000 records of personally identifiable information related to Indian residents. Some of these records were cross-verified through a government portal’s “Verify Aadhaar” feature, confirming the authenticity of Aadhaar credentials.