ForumIAS announcing GS Foundation Program for UPSC CSE 2025-26 from 10th August. Click Here for more information.
Source: This post on the recent ICMR Data breach has been created based on the article “How the personal data of 815 million Indians got breached” published in The Hindu on 7th November 2023.
UPSC Syllabus Topic: GS Paper 3 Internal Security – Basics of cyber security.
News: This article discusses the
A detailed article on the ICMR Data Breach can be read here.
Recently, an American cyber security company said that personally identifiable information of 815 million Indian citizens, including Aadhaar numbers and passport details, were being sold on the dark web. The threat actors selling the data claimed it was sourced from the Indian Council of Medical Research (ICMR).
What is Personally Identifiable Information (PII)?
Personally Identifiable Information or PII is information that when used alone or with other relevant data, can identify an individual.
PII may be direct identifiers like passport information or quasi-identifiers that can be combined with other information to successfully recognise an individual.
What was the government’s response?
India’s IT Minister for State shared that Computer Emergency Response Team (CERT-In) is investigating reports of the data leak. He said the government ecosystem will take time to transition to a bullet proof set-up, one which manages data and keeps it in a safe and responsible manner.
UIDAI says that all Aadhaar holders’ data is safe and secure in the Central Identities Data Repository (CIDR) of UIDAI and that they have never been breached in all its years of existence. It further added that UIDAI uses advanced security technologies to keep data safe and keeps upgrading them to meet emerging security threats and challenges.
What can users do to safeguard their personal information?
- Users should approach emails for unknown sources with caution as stolen information may be used to target users in phishing campaigns.
- It is advised to change existing user IDs and passwords to ensure that stolen data cannot be used for launching cyberattacks.
- Users should also implement two-factor authentication for all their accounts and inform the authorities concerned in case they notice any suspicious activity in their online accounts.
Question for practice:
‘Digital India’ requires a strong focus on cybersecurity; however, several challenges still remain. Discuss with reference to the recent ICMR data breach.
