ICMR Data Leak Shakes the Nation – Government Agencies Launch Urgent Response
In a startling turn of events, India is at present dealing with an enormous security breach that exposed the confidential data of more than 81.5 crore residents on the dark web. With indicators suggesting the Indian Council of Medical Research (ICMR) was the source of this momentous breach, this startling revelation has shocked the nation. It is impossible to exaggerate the severity of the issue; millions of people’s security is in danger because of a historic and enormous data breach.
The Magnitude of the Breach:
It is critical to grasp the extent of the disclosed data in order to comprehend the scope of this hack fully. Numerous Indian residents’ names, phone numbers, Aadhaar and passport numbers, as well as their temporary and permanent residences, are among the crucial facts hacked. The data gathered by ICMR during COVID-19 testing is what led to this concerning breach. By publicizing this stolen material on the dark web, the hacker known as “pwn001,” who committed this crime has exposed a serious flaw in the way government organizations store sensitive data.
Early Investigation and Quick Reaction:
On October 9, ‘pwn001’ on Breach Forums revealed this large data breach to the world. An astounding 815 million records, including “Indian Citizen Aadhaar & Passport” data, were allegedly accessible to the hacker. To put this in perspective, there are just over 1.486 billion people living in India. Among the hacked material, Resecurity, a well-known American cybersecurity and intelligence outfit, found 100,000 files that contained Indian people’s personal information. A government portal’s “Verify Aadhaar” feature was used to cross-check certain documents in order to confirm the accuracy of the Aadhaar data.
The intrusion was instantly reported to ICMR by the Computer Emergency Response Team of India (CERT-In). However, pinpointing the exact location of this breach has proven to be extremely difficult because COVID-19 test data is dispersed among many government agencies, including the Ministry of Health, the ICMR, and the National Informatics Centre (NIC).
The Ministry of Information and Technology and other pertinent government departments have not yet provided an official answer as of the time of writing, therefore the country is anxiously awaiting information.
Cybersecurity Events That Keep Happening:
This is not a unique instance of this uncomfortable situation. Cybercriminals gained access to the All India Institute of Medical Sciences (AIIMS) systems earlier this year, taking over one terabyte of data and extorting a sizable ransom. Due to this incident, the hospital’s already busy operations were severely disrupted for 15 days as they were forced to use manual record-keeping. A similar incident occurred at AIIMS Delhi in December 2022, and the culprits demanded a large amount of Bitcoin.
Creating a Future Course:
After the ICMR submits a formal complaint, the Central Bureau of Inquiry (CBI) is anticipated to begin an inquiry due to the extraordinary scope of this data breach and the possible participation of foreign entities. High-ranking officials from other ministries and agencies have been brought in to take a comprehensive approach to the crisis. To prevent more harm, strict standard operating procedures have been implemented along with corrective measures already in place.
The need for strengthened cybersecurity protocols inside government organizations and institutions that are tasked with protecting private citizen data cannot be overstated. The country is waiting for clarification, responsibility, and tangible steps to stop such violations in the future as the inquiry progresses.
