More than 81 crore Indians' personal information exposed on dark web in massive data breach

A US cybersecurity firm, Resecurity, has reported a significant data breach involving the personal information of approximately 815 million, or 81.5 crore, Indian citizens.

This data, which includes names, phone numbers, addresses, Aadhaar, and passport information, is now reportedly for sale on the dark web. The threat actor behind this breach, known as 'pwn0001', has allegedly offered the entire Aadhaar and Indian passport database for sale at a price of $80,000.

The Central Bureau of Investigation (CBI) is currently investigating the matter. It has been suggested that the stolen data comes from information collected by the Indian Council of Medical Research (ICMR) during COVID-19 testing.

Among the leaked data, 100,000 files containing personal details of Indian citizens were found, and some of these records were verified using the government's 'Verify Aadhaar' feature. The Computer Emergency Response Team of India (CERT-In) has alerted ICMR about the breach.

Identifying the origin of the breach presents a challenge due to the scattered nature of COVID-19 test information across various government bodies like the National Informatics Centre (NIC), ICMR, and the Ministry of Health.

Also read: Union Minister Nitin Gadkari to lay foundation stones of 26 National Highway projects in Guwahati today