Only days after the Bharat Interface Money (BHIM) came under fire due to news of a massive data breach, thousands of Indians are once again confronted by another major leak involving their national IDs.
On Wednesday, cyber intelligence firm Cyble revealed it has discovered over 1 lakh scanned copies of national IDs belonging to Indians on sale on the dark web. According to the firm, among the exposed IDs include Indians’ Aadhaar cards, PAN cards, and passports.
“We came across a non-reputed actor who is currently selling over 1 lakh Indian National IDs on the dark net. With such a low reputation, ideally, we would have skipped this; however, the samples shared by the actor intrigued our interest — and also the volume. The actor is alleged to have access to over 1 lakh IDs from different places in India,” Cyble explained.
As noted by the firm, preliminary investigation shows that the leaked data originated from a third-party source and not from the government system. Copies of the scanned documents also suggest that the data may have been leaked from a company’s database in the segment where they must comply with the ‘Know Your Customer’ (KYC) norms.
In an effort to help mitigate the risks of the leak, Cyble has advised people to refrain from sharing their personal information, especially financial information, through phone, e-mail, or SMS.
“Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately,” the company added.
This is not the first time that a major data leak has hit a broad number of Indian citizens.
Just recently, vpnMentor discovered a data breach affecting over 7 million BHIM or Bharat Interface Money users. Among the details exposed include the users’ financial details, photos, Aadhaar cards, and PAN cards.
“The exposure of private data may also contribute to a broader deterioration of trust between the Indian public, government bodies, and technology companies. Data privacy is a huge concern for people from all sections of society, and many people could be reluctant to adopt a software tool linked to such a scandal," vpnMentor said at the time.
In May this year, Cyble also revealed two incidents where personal data of 7.65 crore Indians have been put on sale on the dark web. According to the cyber intelligence firm, the first one involves stolen data of 4.75 crore Indians sourced from online directory Truecaller, while the second incident covers the personal information of Indians taken from job sites.
Truecaller, however, had denied the data breach.
