The government’s Computer Emergency Response Team (CERT) is currently investigating reports of a data leak on the dark web that allegedly exposed the confidential information of over 80 crore Indians. The leaked data is said to include names, phone numbers, passport numbers, and Aadhaar numbers. Junior IT Minister Rajeev Chandrasekhar confirmed that CERT is looking into the matter.
Chandrasekhar did not disclose the exact size of the alleged leak but emphasized that the government is committed to ensuring the security of private data. This includes data collected by the government for administrative purposes as well as data collected by businesses for commercial reasons. He stated that the government aims to maintain a “bulletproof” ecosystem for data protection.
While expressing his displeasure with the situation, Chandrasekhar refrained from speculating on the size of the leak and stated that he would wait for CERT to submit its report before commenting further. He added that CERT’s investigation aims to determine what data was leaked, where it was leaked from, and the cause of the leak, whether it was due to a hack or an operating system vulnerability.
Chandrasekhar acknowledged that transitioning to a secure data storage system would take time, especially considering the large amounts of data, including legacy data, accumulated over the years. He recognized the need for all entities, including the government and small businesses, to adjust to the new framework that places more responsibility and accountability on data collection, storage, and access.
Earlier this month, Resecurity, a global cybersecurity solutions provider based in the United States, reported that millions of personally identifiable information (PII) records, including Aadhaar cards, belonging to Indian residents were being offered for sale on the dark web. The data being sold also included age, gender, and addresses of millions of Indian citizens. Resecurity also mentioned a previous leak in August that involved 1.8TB of data from an unnamed Indian law enforcement organization.
It is important to note that there were several instances of Aadhaar leaks last year, highlighting the need for improved data security measures. The government, along with CERT, is determined to address these issues and create a secure and responsible data management system.
