Update on April 3, 2023: According to the latest updates in the case, the Cyberabad police has discovered that data of 66.9 Crore individuals across 44 categories in 24 states was stolen by a Haryana resident, The New Indian Express reported. The police have arrested the accused Vinay Bharadwaj who had his hands on students’ data from platforms like Byju’s and Vedanta, 1.84 lakh cab users in eight metro cities and 4.5 lakh salaried employees from six cities and Gujarat state.
As per a report by News Meter, the Cyberabad police has also issued notices to companies like Big Basket, Phone Pay, Tech Mahindra, Policy Bazaar and financial institutions like Axis Bank, Bank of Baroda, HDFC, SBI among others seeking a response on the leak of user data.
Originally published on March 24, 2023: In a massive data-theft case in India, the Cyberabad cybercrime police in Telangana arrested members of a gang involved in “procuring and selling” personal data of 16.8 crore individuals and confidential data of government and important organisations, as per a report by Telangana Today.
On March 23, the Cyberabad police tweeted that they busted a gang of ten fraudsters involved in collecting confidential information of account holders from banks and cheating credit card holders.
The Cyberabad Cyber Crime Wing has busted a gang of 10 fraudsters who were involved in stealing confidential bank data & cheating credit card holders. This gang was operating from Delhi & collecting confidential credit card customer data from banks & pic.twitter.com/5YxCWO8Hfp
— Cyberabad Police (@cyberabadpolice) March 23, 2023
FREE READ of the day by MediaNama: Click here to sign-up for our free-read of the day newsletter delivered daily before 9 AM in your inbox.
What data did the gang have?
The police informed that the gang members were found selling information under at least 140 different categories. As per the Telangana Today report, this data included the following information and more:
- Details of defence personnel
- Women and government employees
- Student database
- Loan, insurance, credit, and debit card applicants
- Data of demat account holders and high net-worth individuals
- Mobile numbers of 3 crore citizens
- Data of 1.20 crore WhatsApp users
- Age, email-id, phone number, login IP of 17 lakh Facebook users
- Database of PAN holders, IT employees, Energy and power sector
Why it matters:
This case is another reminder that citizens’ data is not safeguarded by a robust, secure system in both government and non-government Indian institutions. In addition to identity theft, people with access to citizens’ sensitive personal data are committing cyber crimes of serious nature, which can be detrimental to an individual’s social and financial security. As we await the data protection law, most of these critical crimes are registered under different sections of the IT Act, thus offering some level of impunity to gangs having deeper networks, who can easily escape stricter action. In such a situation, citizens are left thinking: how close are each of us to getting our data leaked from any known or unknown source?
According to the report, the members “registered and unregistered three companies – Data Mart Infotech, Global Data Arts and MS Digital Grow” for their operations. Cybercrime investigators also revealed that the database of mobile numbers was leaked from telecom service providers, while the credit and debit card data was leaked from “reputed financial institutions”. According to Money Control, the accused sold the data to at least 100 fraudsters.
Who was involved?
Speaking to reporters, Cyberabad Police Commissioner Stephen Raveendran highlighted the role of data brokers in leaking confidential information to sources that can misuse the data.
Team of @cyberabadpolice Commissioner @cpcybd arrested 7 member gang involved in data theft. The gang had been selling confidential data of #government #personal data of 16.8 crore citizens #PANcard #bank details. @NewsMeter_In @CoreenaSuares2 @KanizaGarari pic.twitter.com/nDZevpvINm
— SriLakshmi Muttevi (@SriLakshmi_10) March 23, 2023
The arrested suspects primarily worked as data entry operators and tele-callers, as per Telangana Today. The gang included one Kumar Nitish Bhushan, a call-centre operator, Sandeep Pal, who ran Global Data Arts, Zia Ur Rehman, who provided messaging services for promotions, and a couple of other mediators who sold data to fraudsters.
Increasing threat to people’s personal data
It’s not just about data leaking from different institutions. The Indian police from different states have unearthed operations of multiple gangs stealing people’s Aadhaar biometric data from multiple sources. The accurate number of Aadhaar-related frauds is not recorded by the National Crime Records Bureau (NCRB). Instead, the resulting cybercrimes from such data theft are registered under different categories in the NCRB.
The latest data from NCRB shows that in 2021, a total of 4071 cases of identity theft were registered across India. Additionally, credit and debit card-related frauds rose to 1624 in 2021 from 1194 in 2020. Given the massive size of data procured by fraudsters in each of these data theft cases, it won’t be incorrect to say that the number of cybercrimes including identity theft can be greater as most of these cases remain unreported or even unidentified.
(The article was edited on April 3, 2023 at 1:11 pm to add the latest updates in the case.)
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.
- Andhra Pradesh: Gang Uses Cloned Aadhaar-Linked Fingerprints To Steal Money From Bank Accounts
- Haryana Police Bust Gang Stealing Money From Bank Accounts Using Aadhaar Enabled Payment System
- People’s Biometric Data With A Private Firm In Chennai Poses The Risk Of Identity Theft
- Parliamentary Committee Reportedly Approves India’s Proposed Data Protection Bill, But Congress MP Disputes Claim