A massive data breach that has implications for national security was unearthed by the Cyberabad Police in Hyderabad, who arrested seven people of a gang allegedly involved in the theft and sale of sensitive data of the government and important organisations, including details of defence personnel as well as the personal and confidential data of about 16.8 crore citizens.
The accused persons were found selling more than 140 different categories of information, which include sensitive information such as details of defence personnel and the mobile numbers of citizens and NEET students, among others, Cyberabad Police Commissioner M Stephen Raveendra told reporters on Thursday.
Seven data brokers were arrested from Delhi, the police said, adding that the accused had been operating through three companies (call centres) in Noida and other places. So far it has been found that the accused sold data to at least 100 fraudsters. Investigations are still on, police said.
Sensitive data of defence personnel containing their ranks, email ids, place of posting, etc was found available with the accused, Commissioner Raveendra said.
"This will have serious national security implications. The data of defence and government employees can be used for espionage; to impersonate them and commit serious offences that may jeopardise national security. We are in the process of finding out how this data got leaked and who are the insiders who are doing it," he added.
The accused were also found selling information in categories such as energy and power sector, PAN card data, government employees, gas and petroleum, HNIs (high net-worth individuals), demat accounts, student databases, women databases, data of people who have applied for loans and insurance, and credit card and debit card holders (of private banks), WhatsApp users, Facebook users, IT organisation employees, frequent flyers etc.
The arrested accused were selling the data through a search engine company and similar platforms, the police said. These accused aggregated the data leaked from different organisations and having registered themselves as service delivery agents sold the data to cyber criminals after sending them sample data, police said.
The matter came to light after a complaint was lodged with the cyber crime wing of Cyberabad police about the sale and purchase of confidential and sensitive data, even as the police had also been investigating how cyber criminals were getting access to data.
The data of NEET students, with their names, mobile number and their residential address, was also found with the accused. A PAN card database containing sensitive information on the income, email ids, phone numbers, address of citizens was also found.
Government employees' names, mobile numbers, categories, dates of birth etc were also found in a database, apart from a list of gas and petroleum companies with similar details of their staff, Raveendra said.
As many as 1.2 crore WhatsApp users and 17 lakh Facebook users had also been targeted in the data theft, with information on login id, IP, city, age, email id, phone number etc found in the possession of the accused, the police said.
Further, a mobile number database of three crore individuals, probably leaked from telecom service providers, with order number, service start date, segment details, billing details account number, SIM number etc was also found, which can be used for committing various crimes, the commissioner said.
The sensitive data that has been leaked can be used for unauthorised access to important organisations and institutions. The data related to PAN card can be used to commit serious financial offences. It is being used to commit a large number of cybercrimes whereby the perpetrators gain the confidence of victims by disclosing such information, the police added.