Data leak exposes personal data of Indian military and police

In 2021, a cybersecurity breach at Air India compromised the personal data of 4.5 million passengers. Additionally, that same year, the personal details of 500,000 Indian police personnel were offered for sale on a data-sharing forum.

In another incident, exam data and results for 190,000 candidates from a 2020 national-level competitive exam were leaked and sold on a cybercrime forum.

Implications of the latest leak

In the WebsitePlanet report, Fowler highlighted that the exposure of biometric data from police, military, and railway workers poses severe security and privacy risks. The data, crucial for identity verification and anti-impersonation measures, could be exploited for malicious activities if accessed by unauthorized parties.

“For example, a criminal could use the exposed data to impersonate another individual — in this case, it could be someone who works in law enforcement or the army, which could lead to possible national security concerns,” Fowler said in the report. “Hypothetically, a criminal could replace the image, fingerprint, and other data inside the database with those of an impersonator, who would then pass the biometric identity test as the face and prints match those in the exposed database.”