A massive data breach at the Indian Council of Medical Research (ICMR) has exposed the personal information of over 815 million Indians.

The data breach reportedly includes crucial information such as Aadhaar and passport details, along with names, phone numbers, and addresses, according to the reports.

Given the severity of the matter, the Central Bureau of Investigation (CBI) is expected to probe the incident after the ICMR files a complaint.

The data breach noticed by the US-based cybersecurity and intelligence firm Resecurity mentioned that “on October 9, a threat actor going by the alias ‘pwn0001’ posted a thread on Breach Forums brokering access to 815 million ‘Indian Citizen Aadhaar and Passport’ records”.

Buy Me A Coffee

Moreover, the cybersecurity analysts found one of the leaked samples containing 100,000 records of PII (personally identifiable information) related to Indian residents.

In this sample leak, the analysts identified valid Aadhaar Card IDs, which were corroborated via a government portal that provides a “Verify Aadhaar” feature.

The analysts also managed to connect with the threat actor and learned they were willing to sell the entire Aadhaar and Indian passport dataset for $80,000.

However, the threat actor declined to specify how they obtained the data.

Blog vs. Website: What's the Difference?