Sign In
Learn bits
Science & Tech.
Mahesh

07/11/23 06:21 AM IST

How the personal data of 815 million Indians got breached

In News
  • Recently, Resecurity, an American cyber security company, said that personally identifiable information of 815 million Indian citizens, including Aadhaar numbers and passport details, were being sold on the dark web.
  • Threat actors were willing to sell the data for $80,000.
PII
  • Personally Identifiable Information or PII is information that when used alone or with other relevant data, can identify an individual.
  • PII may be direct identifiers like passport information or quasiidentifiers that can be combined with other information to successfully recognise an individual.
  • The data being sold on the dark web included one’s Aadhaar number, a unique 12digit individual identification number issued by the Unique Identification Authority of India (UIDAI) on behalf of the Indian government.
  • This data was being sold by a threat actor going by the name pwn0001.
  • However, another threat actor by the name of “Lucius” also claimed to have access to a more extensive array of PII data which included voter IDs and driving licence records.
How did such actors gain access to sensitive data?
  • Threat actors selling stolen data on the dark web declined to specify how they obtained the data without which any effort to identify the source of the data leak would be speculative.
  • Lucius, the second threat actor found selling data online claimed to have access to a 1.8 terabyte data leak impacting an unnamed “India internal law enforcement agency”.
  • However, the claim is yet to be authenticated.
  • India’s IT minister Rajeev Chandrasekhar shared that the country’s Computer Emergency Response Team is investigating reports of the data leak, and that the government is still working on moving massive amounts of data, including legacy data collected over the past decades, to a safe storage.
  • However, he did not confirm or comment on the size of the alleged leak.
How secure is our PII data?
  • Aadhaar data leaks were also reported in 2018, 2019, and 2022, with three instances of largescale leaks being reported, including one in which farmer’s data stored on the PM Kisan website was made available on the dark web.
  • Earlier this year, reports emerged that a bot on the messaging platform Telegram was returning personal data of Indian citizens who registered with the COVID19 vaccine intelligence network (CoWIN) portal.
  • At the time, the Health Ministry denied reports of a data breach and said that allegations were “mischievous in nature and that CERTIn was reviewing the existing security infrastructure of the portal.”
  • However, UIDAI on its website says all Aadhaar holders’ data is safe and secure in the Central Identities Data Repository (CIDR) of UIDAI and that they have never been breached in all its years of existence.
  •  It further adds that UIDAI uses advanced security technologies to keep data safe and keeps upgrading them to meet emerging security threats and challenges.
Threats arising from leaked information
  • India being one of the fastest growing economies of the world, ranked fourth globally in all malware detection in the first half of 2023, according to a survey from Resecurity.
  • A separate vendor survey of 200 Indian IT decision makers published in September produced similar findings where 45% of Indian businesses said they experienced more than a 50% rise in disruptive cyberattacks last year.
  • The report also found that 67% of Indian government and essential services organisations experienced over a 50% increase in disruptive cyberattacks.
  • The unrest in West Asia and increase in attacks by threat actors capitalising on the chaos exposed personally identifiable data significantly, increasing the risk of digital identity theft.
  • Threat actors leverage stolen identity information to commit onlinebanking theft, tax frauds, and other cyberenabled financial crimes.
  • A significant spike in incidents involving Aadhaar IDs and their leakage on underground cybercriminal forums by threat actors are looking to harm Indian national and residents.
How to safeguard data?
  • Users should try to ascertain if their information was leaked in the data leak.
  • Users should also be alert and approach emails for unknown sources with caution as stolen information may be used to target users in phishing campaigns.
  • It is also advised to change existing user IDs and passwords to ensure that stolen data cannot be used for launching brute force attacks.
  • Users should also implement twofactor authentication for all their accounts and inform the concerned authorities in case they notice any suspicious activity in their online accounts.
Source- The Hindu

More Related Current Affairs View All

24 Sep

Leveraging transit-oriented development to build productive cities

'Indian cities are on the brink of a transportation revolution, with a projected expenditure of ?3 trillion (between 2022–2027) set to be spent on approved metro rail project

Read More

24 Sep

Section 107 of BNSS

'The Bharatiya Nagarik Suraksha Sanhita (BNSS), 2023, introduced Section 107, which deals with properties which are “proceeds of crime”.' Until recently, this term w

Read More

24 Sep

Supreme Court strengthened child pornography law

'Tightening the law on child pornography, the Supreme Court recently said that even viewing, possessing, and not reporting such content is punishable under the Protection of Childr

Read More

India’s First Ai-Driven Magazine Generator

Generate Your Custom Current Affairs Magazine using our AI in just 3 steps