81.5 crore Indians’ personal data leaked, claim hacker – India’s Largest Data Breach until 2023

TLDR

• Sensitive personal data of 81.5 million India users have leaked and surfaced on the dark web.
• The stolen information comprises Aadhaar and passport details, names, phone numbers and temporary and permanent addresses.
• The data reportedly comes from the information collected by Indian Council of Medical Research (ICMR) during COVID-19 testing.

The digital landscape is constantly evolving, but with innovation comes challenges, particularly in safeguarding personal information. India recently bore witness to this harsh reality as it grappled with its largest data breach to date, shedding light on the critical importance of robust data security measures.

In what’s touted as India’s biggest data breach, personal information of a staggering 81.5 crore individuals was leaked, allegedly from the database of the Indian Council of Medical Research (ICMR). The breached data, which reportedly included details related to Aadhaar cards—a pivotal identification document for Indian residents, found its way to the dark web, a notorious marketplace for illegal data trading. (Source)

‘pwn001,’ with a handle on X (formerly Twitter), advertised Aadhaar and passport information along with names, phone number, and addresses; these, the hacker claims, were extracted from the Covid-19 test details of citizens registered with ICMR.

As a proof, ‘pwn001’ posted spreadsheets with four large leak samples with fragments of Aadhaar data. Upon analysis, these were identified as valid Aadhaar card IDs.

The healthcare sector, where the breach purportedly originated, has seen a troubling surge in cyberattacks and data breaches recently, making this incident a tip of the iceberg. The data leak not only poses a significant threat to individual privacy but also highlights the broader systemic vulnerabilities in data management and security protocols

The incident has ignited a fervent discussion on the need for stringent data security measures and regulatory frameworks to prevent such breaches. The breach underscores the critical need for organizations, especially those handling sensitive data, to bolster their cybersecurity infrastructure, employ advanced data encryption techniques, and foster a culture of cybersecurity awareness among their workforce.

Moreover, this data breach serves as a stark reminder for policymakers to expedite the formulation and implementation of stringent data protection laws. The need for a robust legal framework to ensure data privacy and security is more pressing than ever, given the escalating cyber threats and the proliferation of digital data.

In conclusion, the massive data breach is a wake-up call for India and other nations to fortify their cybersecurity measures. As the digital realm continues to expand, the onus is on both organizations and regulatory authorities to build a secure digital ecosystem that can withstand the burgeoning cyber threats and ensure the privacy and security of individuals’ data.

Learn how you can protect your azure cloud storage from such leaks using Open Buckets: How to Find & Secure Exposed Microsoft Azure Buckets in 2023