Almost a week after News18 broke the story on a suspected leak of data of 81.5 crore Indians, which was with the Indian Council of Medical Research (ICMR), the Centre has accepted that there was a “breach".
Rajeev Chandrasekhar, Union Minister of State for Electronics and Information Technology, in a press conference in Bhopal, said there is “evidence of leakage and investigation is going on, but the data was not stolen".
“Covid ke dauraan, kaafi saare digital platforms ke dwara, vaccination, diagnosis tracking hua tha, aur ye spasht roop se health ministry mein aur health ke alag alag, state me bhi aur centre me bhi alag alag database bane the. Aur database ke liye kaafi saare logon ko access bhi diya gaya tha. Usmein leakage hua hai, ye ek evidence aaya hai, uspe investigation chal raha hai. (Various departments had Covid-related data pertaining to testing, vaccination, diagnosis, etc. Several people were given access for these databases. There is evidence of a leakage there. Investigation is on)," Chandrasekhar told reporters in Hindi.Read More: Massive dark web data leak exposes India to digital identity theft and financial scams, warns Resecurity
While replying further, the minister said, “Lekin maine Digital Personal Data Protection bill ke paas hone ke time pe kaha tha ke sarkar ke is system mein is naye framework ko adjust karne mein thoda time lagega. (While passing the Digital Personal Data Protection bill, I had said that it will take some time to adjust to the new framework)."
News18 was the first to report about the suspected data leak and that the testing data was up for sale. Various opposition leaders, state ministers as well and experts had raised the issue based on the report.
The minister said data theft has not happened. “Ek saal hum maante hai adjust hone mein isko lagega. Chori nahi hua, thoda mere hisaab se, jo mujhe jaankari hai, thoda breach hua hai. (It will take a year to adjust to the new system. There is no theft, but a breach)," said Chandrasekhar.
Given the grave nature of the incident, India’s premier agency Central Bureau of Investigation (CBI) is likely to probe the matter once ICMR files a complaint.
The threat actor
A ‘threat actor’ with a handle on X, formerly Twitter, advertised the database with records of 815 million Indian citizens — Aadhaar and passport information along with names, phone numbers and addresses — on the dark web.
He first claimed the data was extracted from the Covid-19 test details of citizens, but later said that he bought it at a price of 50,000 dollars from another platform.
Sources have confirmed to News18 that the epicentre of the leakage has not been established as the data was shared with the Health Ministry, National Informatics Centre (NIC) and ICMR. This data contains Aadhaar information of close to 10% (8.5 crore) of the total data as claimed by the threat actor, but Aadhaar data has not been breached.
The ICMR has been facing multiple cyber-attack attempts since February and central agencies as well as the council were aware of it. Over 6,000 attempts were made to hack ICMR servers.
First Published: Nov 7, 2023 9:08 AM IST
Check out our in-depth Market Coverage, Business News & get real-time Stock Market Updates on CNBC-TV18. Also, Watch our channels CNBC-TV18, CNBC Awaaz and CNBC Bajar Live on-the-go!
Gonda Lok Sabha election: BJP's Kirti Vardhan Singh takes on Beni Prasad Verma's granddaughter Shreya
May 19, 2024 10:19 PM
Faizabad Lok Sabha election: Can Ayodhya Ram Temple strengthen BJP's stronghold here?
May 19, 2024 10:16 PM
Amethi Lok Sabha election: Can BJP's Smriti Irani retain the Congress bastion she won in 2019?
May 19, 2024 10:12 PM
Rae Bareli Lok Sabha Election: Can Rahul hold on to this Gandhi family bastion?
May 19, 2024 10:09 PM