In a severe data breach, the personal details of 815 million Indians have emerged on the dark web for sale, as reported by the US-based cybersecurity firm Resecurity. This alarming breach includes sensitive information such as Aadhaar and passport details, names, phone numbers, and addresses.
Speculations point toward the compromise of the Indian Council of Medical Research (ICMR) database due to the extensive and sensitive nature of the exposed data, although ICMR has not responded to inquiries.
Sanjay Kaushik, Managing Director of Netrika Consulting, emphasized the urgent need for businesses to prioritize asset security in today’s digital landscape. He stressed the importance of robust cybersecurity measures, including encryption, multifactor authentication, access controls, and regular security audits, to safeguard sensitive data effectively.
According to the Resecurity website, an individual using the alias “pwn0001” offered access to 815 million records, including “Indian Citizen Aadhaar and Passport” information, on the darknet crime forum BreachForums. This hacker was willing to sell the entire Aadhaar and Indian passport dataset for $80,000 when approached by Resecurity.
In a similar incident in August, another threat actor named “Lucius” offered a 1.8 terabyte data leak related to an unnamed “Indian internal law enforcement organization” on BreachForums.
In April 2022, the Comptroller and Auditor General investigated the Unique Identification Authority of India (UIDAI) and found that the authority had not effectively regulated its client vendors or secured their data vaults, as outlined in a Brookings report.
Since its establishment in 2009, UIDAI has issued approximately 1.4 billion Aadhaar cards, making it one of the world’s largest biometric identification initiatives according to a 2022 report by the Brookings Institution.
Kaushik highlighted the crucial role of encryption, multifactor authentication, access controls, regular security audits, and updates in protecting data against emerging threats.
The exposure of personally identifiable information, including Aadhaar and other personal details of Indian citizens, on the dark web poses a significant threat of digital identity theft.
Malicious actors exploit stolen identity data for activities such as online banking fraud, tax refund scams, and various cyber financial crimes, underscoring the critical need for enhanced cybersecurity measures and increased vigilance among organizations and individuals.