In a significant development, Delhi Police have arrested four individuals from various states in connection with the Indian Council of Medical Research (ICMR) data breach, shedding light on a major cybersecurity incident that exposed the personal details of over 81 crore Indians. The ICMR data breach gained attention over two months ago when central intelligence agencies discovered that sensitive information, including Aadhaar and passport records, had allegedly been leaked from the ICMR’s data bank and offered for sale on the dark web.
The arrested individuals, hailing from Odisha, Haryana, and Jhansi, were taken into custody last week. Among them was a Bachelor of Technology graduate from Odisha, along with two school dropouts from Haryana. During interrogation, the suspects claimed that, in addition to the ICMR data, they had pilfered information from the United States Federal Bureau of Investigation (FBI) and Pakistan’s Computerized National Identity Card (CNIC). The ICMR data leak case was initially reported to the Indian Computer Emergency Response Team (CERT-In), which verified the authenticity of the leaked data by cross-referencing it with the concerned departments and urged them to match it with the actual data.
The investigating authorities discovered that approximately 1 lakh people’s data had been posted as a sample on the dark web. They selected 50 individuals for verification and found a match, prompting them to launch an investigation into the ICMR data leak. The Delhi Police registered a First Information Report (FIR) earlier this month. The arrested suspects were presented before a Delhi court, which remanded them to seven days of police custody. Despite their varied backgrounds, the suspects collectively face accusations of compromising the security and privacy of a vast number of individuals through the ICMR data breach. This incident highlights the vulnerabilities in the Indian cybersecurity space, and authorities are closely monitoring the situation as the investigation unfolds.
