Massive ‘data breach’
AMERICAN cybersecurity firm Resecurity has claimed that the personal information of 81.5 crore Indian citizens is available for sale on the dark web. According to the firm, a ‘threat actor’ advertised Aadhaar card details which were purportedly extracted from the Covid-19 test records of people who got themselves registered with the Indian Council of Medical Research. The disclosure has raised concerns about the safety and privacy of citizens’ data in India. A thorough probe is required to get to the bottom of what is being termed as the country’s most extensive data breach.
The US firm’s report comes just a couple of months after India enacted the Digital Personal Data Protection Act, which provides for the processing of digital personal data in a manner that recognises both the right of individuals to protect their data and the need to process it for lawful purposes. It is alarming that India accounted for 20 per cent of the 2.29 billion records which were exposed worldwide in data breach incidents in 2022. In June this year, the government had rejected media reports claiming breach of data of Covid vaccine recipients from the Co-WIN portal of the Health Ministry.
Data protection has a long way to go in India, with the hackers usually managing to stay ahead of the curve. Besides probing data breaches, the Indian Computer Emergency Response Team (CERT-In) should provide cybersecurity solutions that can prevent the recurrence of such incidents. The citizens, who unsuspectingly share their personal details with public and private agencies, need comprehensive protection from identity theft, online fraud and other forms of cybercrime. Hopefully, Resecurity’s alert will lead to measures aimed at enhancing data security. Whether the latest legislation has adequate safeguards to deal with the emerging threats and challenges will be known sooner than later.