Introduction
On October 9, 2023, an advertisement came under notice on the Dark Web offering a database full of Aadhaar numbers, passport details, names, and contact information. This information was published by a user named 'pwn0001'.Soon, the news of the data breach spread across all media platforms, and then security agencies started investigating on it. A US cybersecurity firm confirmed the news and stated that there was a huge data breach of around 815 Million people, whose estimated cost was around $800 Million, and data was leaked from ICMR's database. Just after this report, ICMR started the investigation of the data breach, and in November 2023, the government confirmed that there was evidence of a data leak but claimed that the data was not stolen. Later the CBI takes over the investigation into the data breach.
How was the data leaked?
The breach's specifics remain under investigation, but initial reports suggest a sophisticated cyber-attack against the ICMR's database. The data was likely accessed through a vulnerability in the system that manages COVID-19 test records. Given the scale of the breach, it is possible that the attackers exploited a series of security shortcomings, from inadequate firewalls to phishing scams that may have tricked individuals into granting access.
The attackers then seem to have systematically harvested the data, which included sensitive personal information, indicating a failure in both the detection systems that should have flagged such a large-scale extraction of data and in the access controls that should have prevented unauthorized entry in the first place. The breach affects a staggering 81.5 million individuals whose personal information is now at risk of being misused for various malicious purposes.
Significance
The severity of this breach lies not only in the volume of data stolen but also in the type of data. Aadhaar numbers are unique identifiers assigned to Indian residents, which are linked to various services and subsidies. The breach of such data raises significant concerns about identity theft and privacy violations.
Consequences
The ICMR data breach has a number of potential consequences, including:
- Identity theft: The leaked data could be used to steal identities and commit financial fraud.
- Phishing attacks: Individuals whose information was compromised could be targeted by phishing attacks.
- Loss of trust: The breach could damage public trust in the ICMR and the government.
- Economic damage: The breach could have a significant economic impact on businesses and individuals.
Action taken by Police
On 8th December 2023, the Delhi Police Cyber Unit took action against the ICMR data breach by arresting four individuals accused of selling the personal details of over 80 crore people on the dark web.
Conclusion
The ICMR data breach serves as a stark reminder of the vulnerabilities that exist within large databases and the importance of cybersecurity. It is imperative for organizations to invest in strong security measures and for individuals to be aware of the risks associated with their personal data.