New Delhi: Weeks after Delhi Police arrested four men suspected of being involved in the Indian Council of Medical Research (ICMR) data leakage case reported two months ago, the four have been booked in a separate case of “data brokering”, ThePrint has learnt.
As reported by ThePrint earlier, police had initially suspected the accused of trying to sell the leaked data involving ICMR and had arrested them based on inputs that they were allegedly advertising it on social media and looking for potential buyers.
However, the four have now been booked for “data brokering” in a separate case, Delhi Police sources told ThePrint.
“They have been booked in a separate case under Indian Penal Code section 420 (cheating) and sections of the Information Technology Act,” said a senior police officer.
Deputy commissioner of police (Intelligence Fusion and Strategic Operations) Hemant Tiwari added, “Investigation is on in the matter”.
Meanwhile, sources in Delhi Police also told ThePrint that investigation into the ICMR case has been taken up by the Central Bureau of Investigation (CBI).
ThePrint has reached the CBI’s public relations officer (PRO) over email and Delhi Police PRO Kumar Gyanesh on calls and text messages for comment. The report will be updated once a response is received.
‘Data being analysed’
In October, US-based cyber security and intelligence agency Resecurity had claimed that personal identifiable information of about 81.5 crore Indians was leaked on the dark web. “On 9 October, a threat actor going by the name ‘pwn0001’ posted a thread on Breach Forums brokering access to 815 million ‘Indian Citizen Aadhaar & Passport’ records’, it added in a blog post.
Resecurity also claimed that when its ‘HUNTER (HUMINT’ unit investigators established contact with the ‘threat actor’, they found that the hackers were asking for $80,000 to sell all of the leaked data. This “threat actor” also claimed the stolen data was derived from Covid-19 test records of Indians, allegedly sourced from the ICMR.
“We have retrieved personal data from these men that they were trying to sell. This data is from various organisations. How they got the data is being probed and the data is being analysed. We suspect that there are other third parties involved,” the source added.
The Delhi Police had taken suo motu cognisance of the alleged ICMR data leak and registered an FIR.
Talking about the four accused in the case, the Delhi Police source quoted above said, “We have retrieved personal data from these men that they were trying to sell. This data is from various organisations. How they got the data is being probed and the data is being analysed. We suspect that there are other third parties involved”.
(Edited by Poulomi Banerjee)
Also read: Lacking ‘modern security strategies’, India sees 28% jump in cost of data breaches in 2023