COVID-19 Test Info of 81.5 Cr Indians Leaked in Biggest Data Breach: Report
Newsclick Report | 30 Oct 2023
Names, Aadhaar and passport information, phone numbers and addresses have been advertised on the dark web, according to US cybersecurity agency Resecurity.
In the country’s biggest data leak, COVID-19 test details, including names, Aadhaar and passport information, phone numbers and addresses, of 81.5 crore Indians with the Indian Council of Medical Research (ICMR) have been advertised on the dark web.
According to an exclusive report by News18, American cybersecurity and intelligence agency Resecurity noticed the leak on October 9.
A threat actor going by the alias ‘pwn0001’ posted a thread on Breach Forums accessing Aadhaar and passport records.
Pwn0001 shared spreadsheets containing four large leak samples with fragments of Aadhaar data as proof1.
“One of the leaked samples contains 100,000 records of PII related to Indian residents. In this sample leak, HUNTER analysts identified valid Aadhaar Card IDs, which were corroborated via a government portal that provides a “Verify Aadhaar” feature. This feature allows people to validate the authenticity of Aadhaar credentials,” Resecurity said.
Pwn0001 claimed that the data—extracted from the COVID-19 test details—was sourced from ICMR.
Sources confirmed to News18 that the epicentre of leak has not been identified as parts of the test data are sent to the National Informatics Centre, ICMR and health ministry.
News18’s query, calls and messages sent to ICMR’s director general on Saturday remained unanswered.
According to sources, CERT-In informed ICMR about the breach and the verification of sample data, which matches with the actual data of ICMR.
After the leak, the government has roped in top officials of different agencies and ministries.
As foreign actors are involved in the leak, the sources added, it should be probed by a premier agency. The CBI will likely investigate the matter once the ICMR files a complaint.
At present, remedial measures have been taken and the required SoP has been deployed to control the damage.
Hackers have tried to hack ICMR data multiple times since February. Central agencies and the council are aware of it. Last year, more than 6,000 attempts were made to hack ICMR servers. Agencies had asked the ICMR to take remedial action to avert data leak, the sources said.
This is not the first time that the health system has been targeted. Last year, a cyber-attack triggered changes in various AIIMS services. News18 had reported that the attack was linked to “one of India’s neighbouring countries” with an IP address originating from there.
In June, a TG bot allegedly posted personal data of Indians registered with the CoWIN portal for vaccination. The health ministry denied the report and said that the allegations were “mischievous in nature”. Minister of state for electronics and IT Rajeev Chandrasekhar said that the nodal cyber security agency found that the CoWIN platform was not “directly breached”.
