The Indian Council of Medical Research (ICMR) has become the victim of a significant data breach, where the personal information of more than 815 million registered individuals is currently available for purchase on the dark web. The compromised data includes essential particulars, such as Aadhaar and passport details, in addition to names, phone numbers, and addresses.
The Central Government is yet to respond to reports of an alert from Resecurity, an American cybersecurity agency, about the data intervention.
Reports indicate that the Indian Council of Medical Research (ICMR) has been informed about the breach, yet the exact source of the leak remains unknown. According to these reports, on October 9, an individual using the alias 'pwn0001' posted a message on Breach Forums, offering access to Indian citizens' personal data.
It is expected that the Central Bureau of Investigation (CBI) will undertake an inquiry once a formal complaint is submitted by the ICMR.
Last month, cybersecurity researchers uncovered a breach on the official website of the Ministry of AYUSH in Jharkhand, revealing over 320,000 patient records on the dark web. This incident is not an isolated one, as in June, the government initiated an investigation into a data breach, with personal information, including that of VVIPs, allegedly leaking from the CoWin website.
This development arises at a juncture when the Indian government is actively advocating for the widespread adoption of digital technologies across various sectors. Central Bank Digital Currency (CBDC) and the establishment of Digital Public Infrastructure (DPI) represent two of the pivotal initiatives that the Indian government has been consistently promoting over recent months.