Biggest data theft in world history takes place in India.
In a major breakthrough, the Cyberabad Police of Hyderabad City, Telangana, has arrested a gang involved in the massive data theft and sale of sensitive and confidential data of government agencies, important organizations, and over 16.8 crore Indian citizens. The data includes personal information, social media profiles, and data from financial and insurance sectors. The accused were selling data under more than 140 different categories, including details of defense personnel, mobile numbers of citizens, database of students, women, and government employees.
The main accused, Kumar Nitish Bhushan, was taken into custody and admitted to making a living by selling the siphoned data. During interrogation, it was discovered that the accused had purchased expensive mobile phones, gold jewelry, diamonds, a luxury car, and was also constructing a house in Delhi NCR. The suspects operated through registered and unregistered three companies – Data Mart Infotech, Global Data Arts, and MS Digital Grow.
The investigation found that the siphoned data included information from major companies such as Flipkart, Amazon, BigBasket, Airtel, Vodafone, GST Taxpayers, UpStox Community, CRED Database, Dominos Pizza, LinkedIn, Policy Bazar, and some gambling and betting websites. Information from social media platforms such as WhatsApp and Facebook was also found. About 1.2 crore WhatsApp users’ data and the details of 17 lakh Facebook users, including their age, email IDs, and phone numbers, were recovered by the police.
The data also included sensitive information of armed forces personnel and some government employees holding bureaucrat status, posing a significant threat to national security. A special cyber-crime team has been assigned to investigate the information theft from an espionage angle. The police commissioner said that data related to PAN cards was used to commit a large number of cybercrimes by gaining the confidence of the victims by disclosing the information.
The accused registered themselves on a popular service search platform named JustDial and started selling the data, as per the demand. JustDial has been found guilty of supplying personal information of online users to prospects, and legal action will be taken against the company.
The investigation is ongoing, and the police are concerned that the mobile number database of three crore individuals leaked from telecom service providers could be used for various crimes. Credit card and debit card data of reputed financial institutions was also found in the possession of the suspects.
This incident highlights the increasing threat of data breaches and the need for stricter regulations to protect personal information. Companies and individuals must take cybersecurity seriously and implement robust measures to safeguard sensitive data.