Aadhaar, the unique identification number issued to every Indian citizen, has recently made headlines for all the wrong reasons. There are alarming reports suggesting that the personal information of approximately 815 million citizens was illicitly accessed by hackers through the Indian Council of Medical Research (ICMR) website, which maintains records of Covid-19 vaccination details for the public.
The ICMR, short for the Indian Council of Medical Research, fell victim to a security breach in September of this year. Allegedly, an actor known as ‘pwn001’ successfully gained unauthorized access to this data and subsequently posted it on a discussion thread within Breach Forums.
The breach is particularly concerning as the hacker claims to have sourced data on over 81.5 crore (815 million) Indian residents from a website related to citizen information. To put this into perspective, the leaked data pertains to roughly half of India’s total population, which stands at a staggering 144 crore citizens, or 1.40 billion people.
What makes this UIDAI data breach even more troubling is the wealth of information the hacker managed to obtain. In addition to Aadhaar numbers, the breach includes names, phone numbers, addresses, and passport data of Indian citizens. Such comprehensive personal information can potentially be exploited by cybercriminals to orchestrate phishing attacks and other malicious activities.
In response to this alarming breach, the Information and Broadcasting Ministry of India has reported that the Central Bureau of Investigation (CBI) is currently investigating the details of the data breach. The CBI launched this inquiry following a complaint filed by the ICMR. The Ministry has pledged to provide further information once a thorough investigation has been completed.
It is worth acknowledging the efforts of Resecurity, a cybersecurity firm based in Los Angeles, for initially bringing this significant breach to public attention. Their responsible disclosure of this information through proper channels has played a crucial role in shedding light on this serious security incident.