India’s Biggest Data Leak So Far? Covid-19 Test Info of 81.5Cr Citizens With ICMR Up for Sale | Exclusive

Covid-19 Test Data Leak: Given the grave nature of the incident, India’s premier agency Central Bureau of Investigation (CBI) is likely to probe the matter once ICMR files a complaint

In what is suspected to be the biggest data leak case in the country so far, details of 81.5 crore Indians with the Indian Council of Medical Research (ICMR) are on sale.

Given the grave nature of the incident, India’s premier agency Central Bureau of Investigation (CBI) is likely to probe the matter once ICMR files a complaint.

A ‘threat actor’ with a handle on X, formerly Twitter, has advertised the database on Breach Forums on the dark web; it involves records of 81.5 million Indian citizens: Aadhaar and passport information along with names, phone numbers and addresses. The ‘threat actor’ claimed the data, extracted from the Covid-19 test details of citizens, was sourced from ICMR.

ICMR has been facing multiple cyber-attack attempts since February and central agencies as well as the council were aware of it. Over 6,000 attempts were made last year to hack ICMR servers. The agencies had also asked ICMR to take remedial action to avert any data leak, sources said.

A threat actor going by the alias pwn0001 shared spreadsheets containing four large leak samples with fragments of Aadhaar data as proof. (Resecurity)

A query, calls and messages sent to ICMR DG on Saturday remained unanswered and his response is awaited.

It has been learnt that CERT-In has informed ICMR about the breach, and that verification showed the sample data on sale matches the actual data of ICMR, after which all agencies were roped in.

Considering the sensitivity of the matter, all the top officials of different agencies and ministries have been roped in. Sources said as foreign actors are involved in the leak, it would be important to get it probed by a premier agency. At present, remedial measures have been taken and the required SoP has been deployed to control the damage.

Sources confirmed to News18 that the epicentre of leakage has not been identified as parts of the Covid-19 test data go to the National Informatics Centre (NIC), ICMR and Ministry of Health.

The alias pwn0001 posted a thread on Breach Forums on October 9, brokering access to 815 million Indian Citizen Aadhaar & Passport records. (Resecurity)

According to American cyber security and intelligence agency Resecurity, which initially noticed the leak, a threat actor going by the alias ‘pwn0001’ posted a thread on Breach Forums on October 9, brokering access to 815 million “Indian Citizen Aadhaar & Passport” records. To put this victim group in perspective, India’s entire population is just over 1.486 billion people.

Pwn0001 shared spreadsheets containing four large leak samples with fragments of Aadhaar data as proof. “One of the leaked samples contains 100,000 records of PII related to Indian residents. In this sample leak, HUNTER analysts identified valid Aadhaar Card IDs, which were corroborated via a government portal that provides a ‘Verify Aadhaar’ feature. This feature allows people to validate the authenticity of Aadhaar credentials,” Resecurity said.

This is not the first time that India’s health system has been targeted by hackers.

Last year, AIIMS faced a cyber-attack that triggered changes in various systems. News18 had reported earlier that the attack had links to “one of India’s neighbouring countries” as agencies had found an IP address originating from there.

Trouble began on November 23 when the servers went down, affecting the outpatient department (OPD) and sample collection services. After a few days, AIIMS had to finally restart its OPD through online booking.
