Data breach at the Indian Council

of Medical Research (ICMR)

Gokul Prakash
What is a Cyber Attack

●
Cyber attack refers to the deliberate exploitation of computer systems, networks, or
technologies with the intent to compromise the confidentiality, integrity, or availability of
information. These attacks can target various elements of the digital ecosystem, including
computers, servers, networks, and the data stored within them. Cyber attacks can take
many forms, and they are typically carried out by individuals, groups, or organizations with
malicious intent.
Data breach at the Indian Council of Medical Research
(ICMR) exposes 81.5 crore records.
What Happened:

In October 2023, a massive data breach occurred at the Indian Council of Medical Research
(ICMR), exposing the personal information of over 81.5 crore Indian citizens.The data breach
was first reported by a US cybersecurity firm.The threat actor responsible for the breach
offered to sell the data on the dark web.The ICMR website has been taken offline for
maintenance.This is one of the largest data breaches ever to occur in India.
The compromised data reportedly included sensitive information such as:

●
Names
●
Addresses
●
Phone numbers
●
Aadhaar numbers
●
Passport details
How it Happened:

The exact details of how the breach occurred are still under investigation. However, it is
believed that hackers gained access to ICMR's servers and stole the data. Some reports
suggest that the breach may have been caused by a misconfigured database.The analysts
also managed to connect with the threat actor however, the threat actor declined to specify
how they obtained the data.

Impact:

The data breach has had a significant impact on millions of Indian citizens. The exposed
information could be used for identity theft, phishing attacks, and other forms of cybercrime.
The breach has also raised concerns about the security of personal data in India and the
government's ability to protect it.
Aftermath:

The Indian government is investigating the data breach and has taken steps to mitigate
the damage. The government has advised citizens to be vigilant and to monitor their
accounts for suspicious activity. The government has also promised to improve the
security of personal data in India.

Conclusion:

the data breach at the Indian Council of Medical Research (ICMR) serves as a stark
reminder of growing threat posed by cybercrime.The incident highlights the pressing
need for proactive steps to be taken by organizations in safeguarding personal
information,including continually update their cybersecurity strategies,conducting
regular vulnerability assessments, and invest in technologies and practices that
address the dynamic landscape of cyber threats.
Resources used :

●
https://health.economictimes.indiatimes.com/news/health-it/icmr-data-leak-reveal
s-personal-info-of-81-5-cr-indians-report/104838324
●
https://www.livemint.com/news/india/nearly-6-000-attempts-to-hack-icmr-server-
thwarted-on-30-nov-website-safe-11670342847017.html
●
https://health.economictimes.indiatimes.com/news/health-it/from-aiims-delhi-to-
icmr-data-breaches-haunt-crores-of-indians/105173060
●
https://content.techgig.com/