The Delhi Police apprehended four individuals from different states in connection with the data leak case related to the Indian Council of Medical Research, as reported by The Indian Express on Monday. The arrest follows an investigation by central intelligence agencies, which revealed that personal information, including Aadhaar and passport records, of more than 81 crore Indians had purportedly been leaked from the Indian Council of Medical Research's data bank and offered for sale on the dark web over two months ago.
According to an unidentified official from a central agency, the case was initially reported to the Indian Computer Emergency Response Team (CERT-In), a nodal agency under the Union Ministry of Electronics and Information responsible for addressing computer security incidents.
Upon verification by relevant departments, CERT-In discovered that data from approximately 1 lakh individuals was showcased as a sample. Subsequently, 50 individuals were chosen for verification, and their details were found to match, prompting authorities to launch a comprehensive investigation. The Delhi Police officially registered a First Information Report earlier this month in response to the data leak.
The four arrested individuals, identified as a Bachelor of Technology graduate from Odisha, two school dropouts from Haryana, and one from Jhansi, were apprehended last week and presented before a Delhi court. The court ordered them into seven days of police custody. An officer involved in the case revealed that during initial questioning, the accused individuals claimed to have met on a gaming platform three years ago and decided to exploit the data for quick monetary gains.
Moreover, the accused individuals asserted that they had also stolen data from the Federal Bureau of Investigation in the United States and the Computerised National Identity Card, Pakistan's equivalent of Aadhaar. Despite being in police custody, officials from various central agencies are actively interrogating the arrested individuals to ascertain the methods employed in the data theft.
In November, Minister of State for Electronics and Information Technology Rajeev Chandrasekhar acknowledged evidence of data leakage but emphasizsed that it was not a case of theft. The recent arrests prompted allegations from Trinamool Congress MP Saket Gokhale, who accused the government of providing false information regarding a data breach in response to his query in the Rajya Sabha. On December 8, Chandrasekhar informed Parliament that while there had been no breach of Aadhaar data from the Central Identities Data Repository maintained by the Unique Identification Authority of India (UIDAI), there were 165 instances of data breaches affecting Indian citizens between January 2018 and October 2023.