In a concerning development, India is facing what could potentially be its most significant data leak to date. Details of a staggering 815 million Indian citizens, involving Covid-19 test information, have appeared for sale. The data is associated with the Indian Council of Medical Research (ICMR), raising serious concerns about data security and privacy.
The gravity of the situation has prompted India’s premier investigative agency, the Central Bureau of Investigation (CBI), to consider launching a probe into the matter once ICMR lodges an official complaint.
While the breach has been reported to ICMR by CERT-In, it remains unclear where the breach originated, as Covid-19 test data is distributed among various entities, including the National Informatics Centre (NIC), ICMR, and the Ministry of Health. The sale of this data was initially noted on BreachForums and has since gained notoriety, with a user named “pwn0001” listing the data for sale, citing its authenticity and offering it for purchase, including sensitive information such as names, phone numbers, passport numbers, and addresses.
This shocking data breach has sparked alarm over the security of sensitive personal information, and the swift response from authorities and agencies is essential to determine the extent of the breach and mitigate its consequences. The fact that such a substantial dataset is available for sale raises serious concerns about the potential misuse of this sensitive information and underscores the urgent need for improved data protection measures.