PERSONALITY IDENTIFIABLE INFORMATION (PII)

Recently, a revelation by Resecurity, an American cybersecurity firm, disclosed that personally identifiable information (PII) of 815 million Indian citizens, encompassing Aadhaar numbers and passport details, was available for purchase on the dark web. Threat actors were ready to sell this data for $80,000, marking a significant breach of sensitive information.

2. About Personally Identifiable Information (PII)

• PII is information that can be used to identify an individual. This can include things like your name, address, phone number, email address, Social Security number, and passport number.
• PII can also include information that is not directly identifiable, but can be used to identify you when combined with other information. For example, your IP address, your browser type, and your browsing history can all be used to identify you.
• PII comprises information that, when combined, can identify an individual. In this case, it included Aadhaar numbers, unique 12-digit identification numbers issued by the UIDAI on behalf of the Indian government. Another threat actor named "Lucius" claimed access to a more extensive array of PII, including voter IDs and driving license records.
• The threat actors declined to specify how they gained access to the data, hindering the identification of the data leak's source. "Lucius" claimed access to a 1.8 terabyte data leak from an unnamed "India internal law enforcement agency." However, the authenticity of this claim remains unverified.

3. Government Response and Investigation

• India's junior IT minister, Rajeev Chandrasekhar, confirmed the Computer Emergency Response Team's investigation into the alleged data leak.
• The government is undergoing the arduous task of moving vast amounts of data, including legacy records, to secure storage. However, the actual size and confirmation of the alleged leak were not provided.
• While the government denies prior biometric data leaks from Aadhaar, Chandrasekhar highlighted the ongoing transition towards a more secure data management system.
• However, instances of significant leaks, such as farmer data from the PM Kisan website appearing on the dark web, have raised concerns about data security.

4. Threats Arising from Leaked Information

• The continuous leakage of Aadhaar IDs and their appearance on underground cybercriminal forums pose risks of digital identity theft.
• With India ranking high in malware detection, there's an increased threat of cyber-enabled financial crimes, tax frauds, and online banking theft.
• Users are advised to ascertain if their information was part of the leaked data. Caution is urged in handling emails from unknown sources to avoid phishing campaigns.
• Changing user IDs and passwords, implementing two-factor authentication, and reporting suspicious online activities to authorities are recommended measures to safeguard personal information.

5. Conclusion

The Aadhaar data leak is a serious security breach that could have a devastating impact on millions of Indian citizens. It is important for individuals to take steps to protect their PII and for the government to continue to improve the security of its databases.