 "Over 100,000 scanned ID copies of Indians put on dark net for sale: Cyble")
According to a report by cyber intelligence firm Cyble, the leaked data seems to have originated from a third party and not from the government system.
"We came across a non-reputed actor who is currently selling over 1 lakh Indian National IDs on the dark net. With such a low reputation, ideally, we would have skipped this; however, the samples shared by the actor intrigued our interest -- and also the volume. The actor is alleged to have access to over 1 lakh IDs from different places in India," Cyble said.
The personal data leaked by cyber criminals leads to various nefarious activities such as identity thefts, scams, and corporate espionage. Many criminals use the personal details in the IDs to win trust of the people over a phone call for fraudulent activities.
The Cyble researchers acquired around 1,000 IDs from the seller and confirmed that the scanned IDs belong to Indians.
"Preliminary analysis suggests that the data originated from a third party, and no indication or artefact is indicating that it came from a government system. At this point, Cyble researchers are still investigating this further -- we are hoping to share an update soon," Cyble said.
The scanned ID documents indicate that the data may have been leaked from a company's data base in the segment where they have to comply with 'Know Your Customer' (KYC) norms.
"Cyble researchers have also learned about a surge in KYC and banking scams -- leaks such as this are often used by scammers to target individuals, especially elderlies," Cyble said.
The cyber intelligence firm has recommended people to refrain from sharing personal information especially financial information over phone, e-mail or SMS.
"Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately," the company said.
In May, Cyble showed two instances where personal data of 7.65 crore Indians have been put on sale in the dark web. In one instance, the seller claimed to have sourced data of 4.75 crore Indians from online directory Truecaller and in other, the seller claimed to have sourced from job websites.
Truecaller, however, had denied the claim of breach in its database.
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app