Updated on Dec 18, at 1.33 p.m.

Delhi Police has arrested four people in connection with the data leak from the Indian Council of Medical Research (ICMR).

The accused were taken into custody after a massive hunt in three different states, said the sources.

The sources suggest that the accused, who had reportedly met on a gaming platform, conspired to hack the data and capitalise on the sale for quick financial gains.

Earlier this year, the Cyber cell of Delhi Police took suo motu cognizance of the situation after reports surfaced regarding the significant data breach.

The arrests follow an investigation by central probe agencies, revealing that personal details of more than 81 crore Indians were compromised and offered for sale on the dark web, originating from the ICMR’s data bank.

Updated on Oct 30, at 7.12 p.m.

In a massive data breach, details of over 81.5 cr citizens with the Indian Council of Medical Research (ICMR) are on sale on the dark web, which contains crucial information such as Aadhaar and passport details, along with names, phone numbers, and addresses, according to the reports. 

Given the severity of the matter, the Central Bureau of Investigation (CBI) is expected to probe the incident after the ICMR files a complaint.

Data breach at ICMR

The data breach noticed by a US-based cybersecurity and intelligence firm mentioned that “on Oct 9, a threat actor going by the alias ‘pwn0001’ posted a thread on a crime forum brokering access to 815m (81.5 cr) ‘Indian Citizen Aadhaar and Passport’ records”.

Moreover, the cybersecurity analysts found one of the leaked samples containing 1,00,000 records of PII (personally identifiable information) related to Indian residents.

In this sample leak, the analysts identified valid Aadhaar card IDs, which were corroborated via a government portal that provides a “Verify Aadhaar” feature.

The analysts also managed to connect with the threat actor and learned they were willing to sell the entire Aadhaar and Indian passport dataset for $80,000 (over ₹66 lakh).

However, the threat actor declined to specify how they obtained the data.

Cyber security threat in India

Last month, cybersecurity researchers found that the official website of the Ministry of AYUSH in Jharkhand had been breached, exposing over 3.2 lakh patient records on the dark web.

According to a cybersecurity company, the website’s database, amounting to 7.3MB, holds patient records that include PII and medical diagnoses. The compromised data also contains sensitive information about doctors, including their PII, login credentials, usernames, passwords, and phone numbers.

The data breach was initiated by a threat actor named “Tanaka”.

(Source: IANS)

- Edited for style

For more such updates and news on the go, follow us on Instagram | YouTube | Facebook