A massive data breach that has implications for national security was unearthed by Cyberabad Police here, who arrested seven people of a gang allegedly involved in the theft and sale of sensitive data of the government and important organisations, including details of 2.55 lakh defence personnel as well as the personal and confidential data of about 16.8 crore citizens across the country.
The accused persons were found selling more than 140 different categories of information, which include sensitive information such as details of defence personnel and the mobile numbers of citizens and NEET students, among others, Cyberabad Police Commissioner M Stephen Raveendra told reporters here on Thursday.
Seven data brokers were arrested from Delhi, police said adding that the accused had been operating through three companies (call centres) in Noida and other places. So far it has been found that the accused sold data to at least 100 fraudsters, who used it for committing cyber crimes. Investigations are still on, police said.
Sensitive data of defence personnel containing their ranks, email ids, place of posting, etc was found available with the accused, Commissioner Raveendra said.
“This will have serious national security implications. The data of defence and government employees can be used for espionage; to impersonate them and commit serious offences that may jeopardise national security. We are in the process of finding out how this data got leaked and who are the insiders who are doing it,” he added.
The arrested accused were selling the data through a contact details directory service provider and similar platforms, police said, adding that during the course of the investigation it was found that the accused had sold data of 50,000 citizens for as low as Rs 2,000.
Notices will be sent to the service providers and they will be examined and legal action will be initiated against them also, police said.
“When any individual calls the toll-free numbers of service providers for any sector or category related confidential data of individuals, their query is listed and sent to that category of service providers. Then these fraudsters contact the clients and send them samples. If the client agrees to purchase, they make payment and are provided the data,” police said, explaining the modus operandi.
The accused had aggregated the data leaked from different organisations and, having registered themselves as service delivery agents, sold the data to cyber criminals, police said.
DCP (Cybercrime Wing) Ritiraj said a complaint was lodged with the Cyber Crime wing of Cyberabad Police about the sale and purchase of confidential and sensitive data, even as police had also been investigating how cyber criminals were getting access to data. Police have been working on the case for the past two months.
Deputy Commissioner of Police (Crimes) Cyberabad Police Kalmeshwar Shingenavar said that during investigations it was found that private organisations are collecting data both with consent and without the knowledge of individuals. There is no data privacy or protection policy offered by most of these private organisations who possess and process the data of individuals, he said.
The accused were also found selling information in categories such as Energy and Power sector, PAN card data, Government employees, Gas and Petroleum, HNIs (High Net-worth Individuals), demat accounts, student databases, women databases, data of people who have applied for loans and insurance, and credit card and debit card holders (of private banks), WhatsApp users, Facebook users, IT organisation employees, frequent flyers etc.
The data of NEET students, with their names, mobile number and their residential address, was also found with the accused. A PAN card database containing sensitive information on the income, email ids, phone numbers, address of citizens was also found.
As many as 1.2 crore WhatsApp users and 17 lakh Facebook users had also been targeted in the data theft, police said. Police also found data pertaining to two crore students, 12 lakh CBSE Class 12 students, 40 lakh jobseekers, 1.47 crore car owners, details of 11 lakh government employees and 15 lakh IT professionals among others.
Further, a mobile number database of three crore individuals, probably leaked from telecom service providers, was also found, the Commissioner said.
The sensitive data that has been leaked can be used for unauthorised access to important organisations and institutions. The data related to PAN card can be used to commit serious financial offences. It is being used to commit a large number of cyber crimes whereby the perpetrators gain the confidence of victims by disclosing such information, police added.