The hacker claims to have extracted the information from the Covid-19 test details of the citizens registered with ICMR.
In what is being described as possibly the ‘biggest' case of data leak in the country, personal details of more than 81.5 crore Indians, sourced allegedly from the Indian Council of Medial Research (ICMR), have been leaked online, as per a report in News18.
What happened?
The report noted that the leak was initially noticed by Resecurity, an American cyber security and intelligence agency. According to the cyber firm, a ‘threat actor’ with the alias ‘pwn001’ posted a thread on Breach Forums,– which describes itself as a ‘premier Databreach discussion and leaks forum’ – enabling access to records of 815 million (81.5 crore) Indians.
For a perspective, this is around 10 times the total population of countries like Iran, Turkey and Germany, the world's 17th, 18th, and 19th most populous nations, respectively. India, on the other hand, is the world's most populous country, with 1.43 billion people.
What information has been leaked?
'pwn001,' with a handle on X (formerly Twitter), advertised Aadhaar and passport information along with names, phone number, and addresses; these, the hacker claims, were extracted from the Covid-19 test details of citizens registered with ICMR.
As a proof, ‘pwn001’ posted spreadsheets with four large leak samples with fragments of Aadhaar data. Upon analysis, these were identified as valid Aadhaar card IDs.
Remedial measures
While there is no official response from ICMR or government, the report states that the Central Bureau of Investigation (CBI) is likely to probe the matter once it receives a complaint from ICMR.
In addition to this, all the top officials from various agencies, as well as ministries, have been roped in. Also, to control the damage, the required Standard Operating Procedure (SOP) has been deployed.