Disclaimer: Copyright infringement not intended.

Context

• An American cybersecurity company, Resecurity, disclosed that the personally identifiable information (PII) of 815 million Indian citizens, including sensitive details like Aadhaar numbers and passport information, had been compromised and was being sold on the dark web by a threat actor known as pwn0001.

Details

Personally Identifiable Information (PII)

• Definition of PII: Personally Identifiable Information (PII) refers to data that can identify an individual, including direct identifiers such as passport information and quasi-identifiers that, when combined, can reveal a person's identity.
• Details of Compromised Information: The compromised data included Aadhaar numbers, which are unique 12-digit individual identification numbers issued by the Unique Identification Authority of India (UIDAI) on behalf of the Indian government. The threat actor "pwn0001" was found to be selling this data.
• Additional Compromised Information: Another threat actor named "Lucius" claimed to have access to a more extensive array of PII data, including voter IDs and driving license records, which raises concerns about the extent of the breach.

Access to Sensitive Data by Threat Actors

• Unclear Origins of Data Breach: The threat actors involved in selling the data have not provided specific information on how they obtained the data, making it difficult to pinpoint the source of the breach.
• Claims of Data Access: "Lucius" claimed to have access to a 1.8 terabyte data leak impacting an unnamed "India internal law enforcement agency," although the authenticity of this claim is yet to be verified.

Security Measures and Government Response

• Investigation by India's Computer Emergency Response Team (CERT-In): India's CERT-In is actively investigating the reported data leak, although the government has not confirmed the size of the breach.
• Challenges in Data Security: India's junior IT minister, Rajeev Chandrasekhar, acknowledged the challenges in transitioning to a robust data security infrastructure, citing previous instances of data leaks, including those related to Aadhaar and the PM Kisan website.

Threats Arising from the Leaked Information

• Increased Cyberattacks: India has witnessed a significant rise in disruptive cyberattacks, leading to heightened risks of digital identity theft and cyber-enabled financial crimes.
• Vulnerability to Identity Theft: With India ranking fourth globally in malware detection, the leaked information poses a serious threat, enabling threat actors to carry out various malicious activities, including online-banking theft and tax frauds.
• Impact of Unrest in West Asia: Recent disturbances in West Asia have exposed personally identifiable data, exacerbating the risk of identity theft and other cyber threats.

Safeguarding Personal Information: User Measures

• Check for Personal Data Leaks: Users are advised to ascertain whether their information has been compromised in the data breach.
• Exercise Caution with Emails and Accounts: Vigilance is crucial, especially when dealing with emails from unknown sources, as stolen information may be used for phishing campaigns and brute force attacks.
• Implement Two-Factor Authentication: To enhance security, users should enable two-factor authentication for all their online accounts and promptly report any suspicious activity to the authorities.
• Be Mindful of Security Upgrades: Regularly updating security measures and staying informed about emerging threats is essential for safeguarding personal information.

Download PDF