Massive Data Breach, Data of 1.2 Million WhatsApp Users, Data of 2.55 Million Defense Personnel, 16.8 Cr Citizen Leak, Gang Arrested: Cyberabad Police

Jim HendlerMarch 24, 23 Cyber, Privacy, Security, WhatsApp

The Cyberabad police here unearthed a massive data breach with national security implications and arrested seven people from a gang allegedly involved in stealing and selling sensitive information of the government and important organizations, including that of 2.55 lakh defense personnel. as personal and confidential information of approximately 16.8 million citizens across the country.

The accused persons were found to be selling over 140 different types of information containing sensitive information such as details of defense personnel and mobile numbers of citizens and NEET students among others, Cyberabad Superintendent of Police Stephen Raveendra told reporters here on Thursday.

Seven informants were arrested from Delhi, police said, adding that the accused had operated through three companies (call centers) in Noida and other places. So far, it has emerged that the defendants have sold information to at least 100 fraudsters, who used it to commit cybercrimes. The investigation is still ongoing, the police say.

Sensitive information about defense personnel, including their rank, email address, posting etc., was found on the accused, Commissioner Raveendra said.

“This has serious implications for national security. The information of defense and government employees can be used for espionage; to impersonate them and commit serious crimes that could endanger national security. We are currently investigating how this information was leaked and who are the insiders behind it,” he added.

The arrested accused were selling information through contact directory service and similar platforms, the police said, adding that during investigation, it was found that the accused had sold information of 50,000 citizens for as low as Rs 2,000.

Notifications will be sent to the service providers and they will be investigated and legal action will also be initiated against them, the police say.

“When a person calls the toll-free numbers of the service providers for confidential information of individuals related to any industry or category, his query is listed and sent to the service providers of that category. Then these scammers contact customers and send them samples. If the customer agrees to buy, he pays and the information is provided to him,” the police said about the procedure.

The accused had gathered the information leaked from various organizations and registered as a service provider and sold the information to cybercriminals, the police say.

DCP (Cybercrime Wing) Ritiraj said that a complaint has been lodged with Cyberabad Police’s Cybercrime Wing about the sale and purchase of confidential and sensitive information, even as the police had also investigated how cybercriminals accessed the information. The police have been working on the case for the past two months.

Deputy Commissioner of Police (Crime), Cyberabad Kalmeshwar Shingenavar said investigations found that private organizations are collecting data both with permission and without the knowledge of individuals. Most of these private organizations that hold and process individuals’ data do not offer privacy or security policies, he said.

The accused were also found to be selling information such as energy and electricity sector, PAN card details, government employees, gas and oil, HNIs (High Net-worth Individuals), demat accounts, student databases, women databases, information about people who have loans and insurance applicants and credit and payment card holders (of private banks), WhatsApp users, Facebook users, employees of IT organizations, regular customers, etc.

The accused also found the information of NEET students with their names, mobile phone numbers and residential addresses. A PAN card database containing sensitive information about citizens’ incomes, email addresses, phone numbers and addresses was also found.

As many as 1.2 million WhatsApp users and 17,000 Facebook users had also been compromised, police said. The police also found details of two lakh students, 12 lakh CBSE Class 12 students, 40 lakh job seekers, 1.47 lakh car owners, details of 11 lakh government employees and 15 lakh IT professionals.

In addition, a database of mobile phone numbers of three million people was found, which is likely to have been leaked by telecom service providers, the commissioner said.

Leaked sensitive information can be used to gain unauthorized access to important organizations and institutions. Information related to the PAN card can be used for serious financial crimes. It is used to commit various cyber crimes where the perpetrators gain the trust of the victims by disclosing such information, the police added.

Read all the Latest Tech News here.