Personal information of over 81 crore Indians has been allegedly leaked and put up for sale on the dark web. Covid-19 test data was held with the Indian Council of Medical Research (ICMR), cited as the source of the data.
An American cyber-security and intelligence agency reportedly noticed the breach.
The data that was placed on the dark web reportedly included information such as name (of beneficiaries), address, phone number, Aadhaar card number, etc.
The breach was also previously advertised on Twitter or X, where the ‘threat actor’ also revealed the details.
According to the report, the ‘threat actor’ shared spreadsheets containing four large leaked samples containing one lakh records of personally identifiable information related to Indian residents.
According to health ministry officials, the Indian Computer Emergency Response Team (CERT-IN) has also been alerted by the ICMR. It is not clear whether the hacker violated the ICMR system or any other source.
“The verification process of the breach reports is ongoing,” said a health ministry official.
This is not the first time India’s healthcare system has been targeted by hackers.
Earlier this year too, there were reports of leaks about the Covid-19 vaccine. Although it was initially said that the breach occurred through the CoWIN portal, subsequent investigations revealed that the breaches were across state government databases.
In November 2022, AIIMS faced a cyber attack. As the server went down, it affected Out Patient Department (OPD) functionality and sample collection services.