Four Men Arrested In ICMR Data Leak Case, Claim They Also Stole FBI And Pakistan's CNIC Info

Four men have been arrested from three different states by Delhi Police in connection with data breach of over 81 crore Indians from the data bank of the Indian Council of Medical Research (ICMR).

This comes two months after the central intelligence agencies found that data of Indian citizens on the ICMR data bank has been leaked and was being sold on the dark web.

During interrogation, the alleged culprits claimed to have also stolen data from the Federal Bureau of Investigation (FBI) and the Computerised National Identity Card (CNIC) - the equivalent of Aadhaar in Pakistan, Indian Express reported.

Delhi Police had taken suo motu cognisance of the data leak earlier this month and registered an FIR, according to a senior officer.

“Last week, four men — a BTech degree holder from Odisha, two school dropouts from Haryana and one from Jhansi — were arrested and produced before a Delhi court which remanded them in seven days police custody,” the officer was quoted as saying in the IE report.

During the initial questioning, the detained individuals informed investigators that their friendship began on a gaming platform around three years ago. They subsequently made a decision to pursue quick money-making ventures.

The breach was detected in October after intelligence officers came across the data - including Aadhaar and passport records - on the dark web.

The issue was brought to the attention of the Indian Computer Emergency Response Team (CERT-In), the primary national agency responsible for handling cyber threats like hacking and phishing.

The CERT-In initially confirmed the data's authenticity with the relevant departments and requested them to cross-check it with their actual data. The data of approximately 100,000 individuals was discovered, from which a sample of 50 people's data was selected for verification. The results were found to be a match, according to the officer.

Given the sensitive nature of the issue, an investigation was promptly initiated, culminating in the apprehension of the four men last week.

“They are in police custody, but officials of all central agencies are also questioning them and trying to find out how they stole the data,” the official said.

In a blog post by American cybersecurity and intelligence agency, Resecurity, in October, it was revealed that they discovered a breach wherein a threat actor named 'pwn0001' listed access to 815 million 'Indian Citizen Aadhaar & Passport' records for sale on Breach Forums on 9 October.

Earlier in the same month, Resecurity's HUNTER (HUMINT) unit detected millions of personally identifiable information records, including Aadhaar cards, belonging to Indian citizens being offered for sale on the Dark Web.

"The total number of the affected citizens is a matter of in-depth investigation by authorities, but the concerning fact that the data is valid and sensitive," Resecurity had said.

In a press conference held in Bhopal last month, Rajeev Chandrasekhar, the Union Minister of State for Electronics and IT, said that, “There is evidence of leakage and investigation is going on, but the data was not stolen. Various departments had Covid-related data pertaining to testing, vaccination, diagnosis, etc. Several people were given access for these databases. There is evidence of a leakage there. Investigation is on".