In a concerning development, it has come to light that millions of personally identifiable information (PII) records, including sensitive Aadhaar cards, linked to Indian residents, are currently being advertised for sale on the Dark Web.
The PII data breach investigation comes in the wake of a recent report from credit-rating giant Moody’s, which raised concerns about the effectiveness of the Aadhaar system’s biometric authentication safeguards. The report additionally cautioned about security and privacy vulnerabilities within Aadhaar’s centralized structure.
The Indian government, however, had vehemently refuted the claims by the American business and financial services company, criticizing the organization for not providing any substantiated data or research to support their assertions.
Moreover, the Press Information Bureau of India had also emphasized that no breaches had been officially reported from the Aadhaar database.
However, a recent investigation into the incident by Resecurity’s HUNTER (HUMINT) unit detected the presence of the extensive database that contained millions of personally identifiable information (PII) records, which notably also include Aadhaar cards that belong to Indian citizens.
Dark Web Revelations: PII Data Breach Actors and Stolen Identities
Resecurity investigators pinpointed two threat actors operating on Breach Forums, offering illicit access to Indian PII and Aadhaar records.
One of them, operating under the alias ‘pwn0001,’ claimed to be in possession of a database containing 815 million Indian citizen Aadhaar and passport records, substantiating this with spreadsheets as evidence.
Concurrently, another threat actor, identified as ‘Lucius,’ advertised a 1.8-terabyte data leak associated with an undisclosed “India internal law enforcement organization,” which encompassed an even wider range of PII data.
The primary sources of this PII data breach appear to be third-party entities, with financial institutions, lending companies, and mobile carriers emerging as prime targets for cyberattacks.
Previous PII Data Breaches: A Troubling Pattern
This isn’t the first time a PII data breach has made headlines.
In September of this year, a hacker forum user known as ‘Hacking’ publicly released Indian taxpayer data, specifically from the website TaxReturnWala.
Hacking’ joined the dark web platform in June 2023, posted 428 times in five months, had a reputation score of 195, and held VIP status. Interestingly, ‘Hacking‘ self-identified as a security researcher in their profile.
Furthermore, in the same year, a substantial data breach occurred in June involving the CoWIN portal, which serves as the primary platform for COVID-19 vaccination registration in India.
This breach risked the personal information of Indian citizens, as the CoWIN portal data became accessible on the messaging app Telegram. As a result of this data leak, the Aadhaar card, Voter ID, and PAN Card details of numerous Indian citizens were exposed, making them easily obtainable to anyone on Telegram.
Furthermore, in the previous year, an enhanced edition of the Android banking trojan known as ‘Drinik’ was detected deceiving Indian taxpayers.
According to reports, the ‘iAssist’ application was infused with the most recent Drinik malware and posed as the Income Tax Department of India. This fraudulent activity specifically targeted 18 Indian banks, among them the State Bank of India.
Rising Threat: Protecting India’s Citizens
Cybercriminals leverage stolen identities to engage in online banking theft, tax refund fraud, and various other cyber-enabled financial crimes.
It has witnessed a surge in incidents involving Aadhaar IDs on underground cybercriminal forums, indicating a growing threat to Indian nationals and residents.
Earlier in August, the government disclosed that a total of 36 websites belonging to ministries and departments at both the central and state government levels had experienced hacking incidents in the initial half of 2023.
Rajeev Chandrasekhar, the Minister of State for Electronics and IT, presented data in the Lok Sabha, revealing that CERT-In had recorded a comprehensive count of 1,12,474 cybersecurity incidents during this period. These numbers speak volumes about the need for robust cybersecurity measures.
Urgent Call for Enhanced Security
These PII data breaches highlight the urgent need for heightened security measures to protect India’s extensive biometric ID system and secure its citizens’ personal information from exploitation by cybercriminals.
“It is critical for all businesses to implement robust cybersecurity solutions capable of detecting and responding to threats in real-time,” Sunil Sharma, Vice President (Sales) at Sophos India & SAARC told The Cyber Express.
“It is also incumbent on each and every individual, in their personal and professional capacities, to maintain constant vigilance and to take precautionary measures to safeguard our collective digital sphere against malicious actors,” he added.
Government bodies, financial institutions, and third-party entities must collaborate on implementing robust security protocols to thwart potential threats and ensure the integrity of the nation’s vast biometric identification system.
A proactive approach is not only crucial for safeguarding individual privacy but also for maintaining the public’s trust in the digital age.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
