Cyberabad Police discovered a massive data breach with national security implications, arresting seven members of a gang allegedly involved in the theft and sale of sensitive data from the government and important organisations, including details of defence personnel as well as personal and confidential data of approximately 16.8 crore citizens, news agency PTI reported.
The accused were discovered selling more than 140 different categories of information, including sensitive information such as the personal information of defence personnel and the mobile numbers of citizens and NEET students, among other things, Cyberabad Police Commissioner M Stephen Raveendra told reporters on Thursday.
According to authorities, seven data brokers were detained in Delhi, and the suspects were operating via three organisations (call centres) in Noida and other locations. So far, it has been discovered that the accused sold data to at least 100 fraudulent individuals. According to authorities, the investigation is still ongoing.
Sensitive data of defence personnel, including their ranks, email addresses, and places of posting, was discovered with the accused, according to Commissioner Raveendra.
"This will have serious national security implications. The data of defence and government employees can be used for espionage; to impersonate them and commit serious offences that may jeopardise national security. We are in the process of finding out how this data got leaked and who are the insiders who are doing it," he was quoted by PTI in its report.
Additionally, it was discovered that the accused were selling data related to the power and energy industries, PAN card data, government employees, the gas and petroleum industries, HNIs (High Net-worth Individuals), demat accounts, student databases, women databases, data of people who had applied for loans and insurance, credit card and debit card holders (of private banks), WhatsApp users, Facebook users, IT organisation employees, frequent flyers, etc.
According to investigators, the detained suspects were selling the data on websites run by search engine companies and other businesses. According to the authorities, the accused combined the information stolen from several organisations and, after registering as service providers, sold it to online criminals after providing them with test data.
Since the authorities were also looking into how cybercriminals were gaining access to data, a complaint was made to the Cyber Crime section of the Cyberabad Police regarding the sale and acquisition of sensitive and personal data.
Also, the accused had access to the NEET students' contact information, including names, cellphone numbers, and residence addresses. Furthermore discovered was a PAN card database holding private data about residents' addresses, phone numbers, email addresses, and income.
Along with a list of Gas and Petroleum firms with comparable information on their workforce, Raveendra revealed that a database also had the names, mobile numbers, categories, dates of birth, and other information of government employees.
According to authorities, the data theft also targeted 17 lakh Facebook users and up to 1.2 crore WhatsApp users. The offender was discovered to have the login information, IP address, city, age, email address, and other details in their hands.
In addition, the Commissioner said that a database of three crore mobile numbers that included order number, service start date, segment details, billing details account number, SIM number, and other information was discovered. This database was likely compromised by telecom service providers and could be used to commit a variety of crimes.
The sensitive material that has been disclosed can be utilised for unlawful access to significant organisations and institutions. Serious financial offences can be committed with PAN card data. According to the authorities, it is employed in a lot of cybercrimes where the offenders earn the trust of the victims by divulging such information.