NEW DELHI: The Delhi Police arrested four people in connection with the data leak case of the Indian Council of Medical Research (ICMR), officials said on Monday.Sources said that the arrests were made following an investigation by the central probe agencies which revealed that personal details of more than 81 crore Indians were compromised and offered for sale on the dark web, originating from the ICMR’s data bank.
The accused, who had reportedly met on a gaming platform, conspired to hack the data and capitalise on the sale for quick financial gains. “They were taken into custody after a massive hunt in three different states,” the source said.
Earlier this year, the Intelligence Fusion and Strategic Operations unit of the Delhi Police took suo motu cognizance of the situation after reports surfaced regarding the significant data breach.According to official sources, data of more than 81.5 crore Indians, with the ICMR, was put on sale on the dark web,
which contained crucial information such as Aadhaar and passport details, along with names, phone numbers, and addresses.
The data breach noticed by the US-based cyber security and intelligence firm Resecurity mentioned that ‘On October 9, a threat actor going by the alias ‘pwn0001’ posted a thread on Breach Forums brokering access to 815 million Indian Citizen Aadhaar and Passport records.’
Moreover, the cyber security analysts found one of the leaked samples containing 100,000 records of PII (personally identifiable information) related to Indian residents.In this sample leak, the analysts identified valid Aadhaar Card IDs, which were corroborated via a government portal that provides a ‘Verify Aadhaar’ feature.
Accused wanted to capitalise on sale of data
The accused conspired to hack the data and capitalise on the sale for quick financial gains. “They were taken into custody after a massive hunt in three different states,” the source said. Earlier this year, the Intelligence Fusion and Strategic Operations unit took suo motu cognizance after reports surfaced regarding the significant data breach.