A hacker claims to have accessed a large database linked with the Indian government's portal for blue-collar workers emigrating from the country.
The eMigrate portal's database allegedly includes full names, contact numbers, email addresses, dates of birth, mailing addresses, and passport data of individuals who allegedly registered for the portal.
The Ministry of External Affairs launched eMigrate, which helps Indian workers in emigrating overseas. The portal also offers clearance tracking and insurance services to migrating workers.
The database for sale on a recognised cybercrime forum looks to be genuine and it even includes the contact information for the Indian government's foreign ambassador. While it is unclear whether the data was stolen directly from the eMigrate portal or via a previous breach, the threat actors claim to have access to at least 200,000 internal and registered user accounts.
India's Computer Emergency Response Team (CERT-In) is working with the relevant authorities to take appropriate action, while the Ministry of External Affairs is yet to respond on the matter. This is not the first time India's government portals have been accused of data leak.
Earlier this year, an Indian state government website was found exposing sensitive documents and personal information of millions of residents. In May, scammers were found to have tricked government websites into displaying adverts that redirected users to online betting sites.
The implications of such data breaches is difficult to estimate. However, data breaches can have serious consequences for individuals whose personal information is exposed. Personal information provided on hacker forums is frequently used by attackers to launch phishing attacks, steal identities, and compromise users' financial security.
“Personal data is its own form of digital currency on the internet and breaches cost organizations a significant amount. The breaches impacting organizations and government entities are what the public sees front and center, but the impact on the end user isn’t as visible.” Satnam Narang, sr. staff research engineer, Tenable stated.