Cyberabad Police have uncovered a significant data breach with serious national security ramifications, leading to the arrest of seven individuals suspected of stealing and selling sensitive information from government entities and major organizations. Among the compromised data are the details of approximately 2.55 lakh defense personnel and the confidential personal information of around 16.8 crore citizens nationwide.
According to Cyberabad Police Commissioner M Stephen Raveendra, the arrested suspects were found distributing over 140 categories of sensitive information, including details pertaining to defense personnel and contact numbers of citizens and NEET students.
Authorities apprehended the data brokers in Delhi, revealing that the suspects operated from three call centers located in Noida and other regions. Initial investigations indicate that the suspects have sold data to at least 100 cybercriminals, who allegedly utilized it for various cyber offenses. The investigation remains ongoing.
The compromised data included sensitive information such as ranks, email addresses, and postings of defense personnel, which Commissioner Raveendra stated could pose significant risks to national security. He emphasized that such breaches could facilitate espionage or lead to impersonation of government employees, resulting in severe offenses that could undermine national interests. The police are actively looking into how this information was leaked and identifying any insiders involved.
The data was sold through directory services and similar platforms. It was discovered during the investigation that data on 50,000 citizens was sold for merely Rs. 2,000.
Notices will be issued to the service providers, who will be scrutinized, and legal actions will follow, as per police statements.
Police elaborated on the modus operandi, explaining that individuals calling toll-free numbers from various service sectors had their inquiries logged and sent to relevant service providers. The suspects then contacted potential clients, provided data samples, and facilitated transactions if clients decided to purchase the information.
The accused aggregated data from multiple organizations, branding themselves as service delivery agents to sell the information to cyber criminals, police indicated.
A complaint had been filed with the Cyber Crime Wing of the Cyberabad Police about the illicit sale and purchase of confidential data, while ongoing investigations continued to uncover how these cyber criminals accessed sensitive information. Authorities have dedicated two months to this case.
Deputy Commissioner of Police (Crimes) Kalmeshwar Shingenavar stated that the investigation revealed private organizations collecting data both with consents and without individuals’ awareness. Many of these organizations lack proper data privacy and protection policies for handling individuals’ information.
The data sold by the suspects included various sectors, such as the energy and power industries, PAN card information, data of government employees, and details of high-net-worth individuals, students, loan and insurance applicants, as well as users of credit and debit cards, WhatsApp, and Facebook. Data on NEET students, including names, mobile numbers, and addresses, was also among the findings. Additionally, sensitive PAN card information, including income details and personal contact information, was discovered.
Police reported that approximately 1.2 crore WhatsApp users and 17 lakh Facebook users were targeted in the data breach. Other notable figures included data for two crore students, 12 lakh CBSE Class 12 students, 40 lakh job seekers, and details on 1.47 crore car owners, 11 lakh government employees, and 15 lakh IT professionals.
Moreover, a database containing mobile numbers of three crore individuals, likely leaked from telecom providers, was found in the possession of the suspects.
The leaked sensitive information has the potential to facilitate unauthorized access to critical institutions and organizations. The stolen PAN card data can lead to severe financial crimes, as perpetrators often exploit such information to gain victims’ trust in various scams, police noted.
