Aadhar Card Crisis: In a startling revelation, US-based cybersecurity firm Resecurity has uncovered one of the largest data breaches in Indian history, with personal details of over 81.5 crore Indian citizens available for sale on the dark web. The compromised data, originating from the Indian Council of Medical Research’s (ICMR) database, includes sensitive information such as Aadhaar and passport details, names, phone numbers, and addresses.
Scale of the Breach
Resecurity’s report exposes the alarming extent of the breach, revealing that personal data from approximately 81.5 crore Indians is now exposed on the dark web. This includes a vast array of information, from names and phone numbers to Aadhaar and passport details, all of which are being offered for sale online.
The Dark Web Marketplace
A threat actor, going by the alias ‘pwn0001’, was identified as the perpetrator who posted a thread on Breach Forums on October 9, advertising access to a staggering 815 million ‘Indian Citizen Aadhaar and Passport’ records. This individual was willing to sell the entire dataset for a hefty sum of $80,000, emphasizing the gravity of the situation.
Central Bureau of Investigation (CBI) Involvement
In response to the breach, the Central Bureau of Investigation (CBI) is expected to launch a thorough investigation once a formal complaint is filed by the ICMR. This underscores the severity of the incident and the need for a comprehensive inquiry to identify the perpetrators and secure affected individuals.
Suspected Origins of Compromised Data
There are suspicions that the compromised data may have originated from the ICMR database, adding another layer of concern to the breach. The exact method of data acquisition by the threat actor remains undisclosed, raising questions about the security protocols in place to safeguard such critical Aadhar Card information.
Previous Incidents and Vulnerabilities
This recent breach follows a series of cybersecurity incidents in India. Last month, the Ministry of AYUSH in Jharkhand fell victim to a breach, exposing over 3.2 lakh patient records on the dark web. The compromised data included personally identifiable information (PII) and medical diagnoses, raising concerns about the overall cybersecurity infrastructure.
CoWIN Vaccine Data Breach
In June 2023, another hacker disclosed the leak of personal data, including names, phone numbers, passport numbers, and Aadhaar numbers of over 80 crore Indians. This leak, including COVID-19-related information, prompted an investigation into the CoWIN vaccine data breach, highlighting the vulnerabilities in handling sensitive Aadhar Card data.
Cybersecurity Threats on the Horizon
The Aadhaar data leak is not an isolated incident, as cybersecurity threats loom large over India. In April, the hacking group ‘Hacktivist Indonesia’ announced plans to target thousands of Indian government websites, adding to the urgency of fortifying cybersecurity measures.
Conclusion: Safeguarding Aadhar Card Information in the Digital Age
In conclusion, the Aadhaar data leak serves as a wake-up call for Indian authorities to enhance cybersecurity infrastructure, investigate the source of vulnerabilities, and implement robust measures to protect citizens’ sensitive Aadhar Card information from falling into the wrong hands. The collaboration of government agencies, cybersecurity firms, and the public is crucial in mitigating the risks posed by such large-scale data breaches.
