New Delhi: The details of 81.5 crore Indians with the Indian Council of Medical Research (ICMR) are on sale. This could be the result of multiple cyber-attack attempts that the council has been facing since February and was also aware of.
It is suspected to be the biggest data leak in the country so far, News18 reported adding that the ‘threat actor’ claimed the data — extracted from the COVID-19 test details of citizens was sourced from ICMR.
Given the grave nature of the incident, India’s premier agency Central Bureau of Investigation (CBI) is likely to probe the matter once ICMR files a complaint.
A ‘threat actor’ with a handle on X, formerly Twitter, has advertised the database in the breached forum on the dark web which involves records of 81.5 million Indian citizens — Aadhaar and passport information along with names, phone numbers and addresses, the report added.
According to the report, it has been learnt that CERT-In has informed ICMR about the breach and the verification of sample data, which is on sale, matches with the actual data of ICMR after which all agencies were roped in.
Remedial measures have been taken and the required SoP has been deployed to control the damage.
Sources confirmed to News18 that the epicentre of leakage has not been identified as parts of the COVID-19 test data go to the National Informatics Centre (NIC), ICMR and Ministry of Health.
According to American cyber security and intelligence agency Resecurity, which initially noticed the leak, a threat actor going by the alias ‘pwn0001’ posted a thread on Breach Forums on October 9, brokering access to 815 million “Indian Citizen Aadhaar & Passport” records. To put this victim group in perspective, India’s entire population is just over 1.486 billion people, the report added.