Largest Indian Data Leak: 815 Million People’s COVID Test Data on Sale, Samples Verified
- October 31, 2023
- Posted by: OptimizeIAS Team
- Category: DPN Topics
No Comments
Largest Indian Data Leak: 815 Million People’s COVID Test Data on Sale, Samples Verified
Subject :Science and Tech
Section: AWARENESS IN IT
Context:
- The COVID information of nearly 815 million citizens of India has leaked. This is likely the largest data leak in India till date.
Details:
- The data was held by the Indian Council for Medical Research (ICMR).
- Data leak was noticed by the American cybersecurity and intelligence agency, Resecurity.
- The ICMR COVID-19 test samples amounted to over 90 GB according to the breach forum sale post. The file was available in XIP-CSV format.
- The Indian Computer Emergency Response Team (Cert-In) has alerted the ICMR about the data breach.
The information in the COVID test data sale included:
- Names
- Phone numbers
- Addresses
- Passport information
- Aadhaar card
CERT-In:
- Formed in 2004 under the Information Technology Act, 2000.
- The Indian Computer Emergency Response Team (CERT-In or ICERT) is an office within the Ministry of Electronics and Information Technology of the Government of India.
- It is the nodal agency to deal with cyber security threats like hacking and phishing. It strengthens security-related defence of the Indian Internet domain.
- CERT-IN has overlapping responsibilities with other agencies such as National Critical Information Infrastructure Protection Centre (NCIIPC) which is under the National Technical Research Organisation (NTRO) that comes under the Prime Minister’s Office and the National Disaster Management Authority (NDMA) which is under Ministry of Home Affairs.
Indian initiatives for cyber security:
- National Cyber Security Strategy
- Cyber Surakshit Bharat Initiative.
- Cyber Swachhta Kendra.
- Online cybercrime reporting portal.
- Indian Cyber Crime Coordination Centre (I4C).
- National Critical Information Infrastructure Protection Centre (NCIIPC).
- Information Technology Act, 2000.
Dark web or Darknet:
- The darknet is a part of the internet that cannot be accessed through traditional search engines like Google nor is it accessible by normal browsers like chrome or safari.
- Darknet is a part of the deep web, but the deep web is accessible whereas the darknet is deliberately hidden.
- It uses non-standard communication protocols which make it inaccessible to internet service providers (ISPs) or government authorities.
- The content of darknet is encrypted and requires specific browsers such as TOR (The Onion Ring), FreeNet, Invisible Internet Project (I2P), TAILS (The Amnesic Incognito Live System), Whonix browser to access those pages.
Source: CyberExpress