India’s Massive Data Breach, Details Of 16.8 Crore Citizens Leaked
Sensitive data of defence personnel containing their ranks, email ids, place of posting, etc was found available with the accused, Commissioner Raveendra said. Seven data brokers were arrested from Delhi, police said adding that the accused had been operating through three companies (call centres) in Noida and other places. So far it has been found that the accused sold data to at least 100 fraudsters, who used it for committing cyber crimes. Investigations are still on, police said.
Sensitive data of defence personnel containing their ranks, email ids, place of posting, etc was found available with the accused, Commissioner Raveendra said.
Students details
The data of NEET students, with their names, mobile number and their residential address, was also found with the accused. A PAN card database containing sensitive information on the income, email ids, phone numbers, address of citizens was also found.
Social media users
As many as 1.2 crore WhatsApp users and 17 lakh Facebook users had also been targeted in the data theft, police said. Police also found data pertaining to two crore students, 12 lakh CBSE Class 12 students, 40 lakh jobseekers, 1.47 crore car owners, details of 11 lakh government employees and 15 lakh IT professionals among others.
Further, a mobile number database of three crore individuals, probably leaked from telecom service providers, was also found, the Commissioner said.
The sensitive data that has been leaked can be used for unauthorised access to important organisations and institutions. The data related to PAN card can be used to commit serious financial offences. It is being used to commit a large number of cyber crimes whereby the perpetrators gain the confidence of victims by disclosing such information, police added. PTI VVK VVK ANE VVK 3/14/2023 KH
DCP statements
DCP (Cybercrime Wing) Ritiraj said a complaint was lodged with the Cyber Crime wing of Cyberabad Police about the sale and purchase of confidential and sensitive data, even as police had also been investigating how cyber criminals were getting access to data. Police have been working on the case for the past two months.
Deputy Commissioner of Police (Crimes) Cyberabad Police Kalmeshwar Shingenavar said that during investigations it was found that private organisations are collecting data both with consent and without the knowledge of individuals. There is no data privacy or protection policy offered by most of these private organisations who possess and process the data of individuals, he said.
Conclusion
The arrested accused were selling the data through a contact details directory service provider and similar platforms, police said, adding that during the course of the investigation it was found that the accused had sold data of 50,000 citizens for as low as Rs 2,000.
The accused had aggregated the data leaked from different organisations and, having registered themselves as service delivery agents, sold the data to cyber criminals, police said.