The Delhi Police has arrested four persons from three states in connection with a leak of the Indian Council of Medical Research data, The Indian Express reported on Monday.

This came over two months after the central intelligence agencies found that personal details such as Aadhaar and passport records of over 81 crore Indians had allegedly been leaked from the data bank of the Indian Council of Medical Research and put on sale on the dark web.

Quoting an unidentified officer of a central agency, The Indian Express reported that the case was initially reported to the Indian Computer Emergency Response Team, or CERT-In, which verified the authenticity of the data with the departments concerned.

CERT-In is a nodal agency under the Union Ministry of Electronics and Information tasked with responding to computer security incidents.

The departments found that data of around 1 lakh people had been put up as a sample. From here, they picked the data of 50 people for verification and found them matching, the newspaper reported. The authorities then launched an investigation.

The Delhi Police took cognisance of the data leak earlier this month and registered a first information report.

The four arrested personsa Bachelor of Technology holder from Odisha, two school dropouts from Haryana and one from Jhansiwere nabbed last week and produced before a Delhi court. The court remanded them to seven days of police custody.

“The arrested persons told investigators during initial questioning that they met on a gaming platform around three years ago and became friends,” said the officer. “They then decided to earn quick money.”

The officer said that the accused also claimed to have stolen data from the Federal Bureau of Investigation of the United States and Pakistan’s Computerised National Identity Card, which is that country’s version of Aadhaar.

The officer said that officials of all central agencies were questioning the four men to try to understand how they had stolen the data.

In November, Minister of State for Electronics and Information Technology Rajeev Chandrasekhar said that there was evidence of Indian Council of Medical Research data being leaked but claimed that it had not been stolen.

After media reports of the arrest of four men, Trinamool Congress MP Saket Gokhale alleged that the government lied to him by denying a data breach in reply to his question in Rajya Sabha.

On December 8, Chandrasekhar told Parliament that no breach of Aadhaar data has occurred from the Central Identities Data Repository maintained by the Unique Identification Authority of India, or UIDAI.

He, however, stated there have been 165 breaches of the data of Indian citizens between January 2018 and October 2023.

Secure email for critical ministries

Meanwhile, the Central government has set up a secure email for 10,000 users in critical ministries, The Hindu reported on Sunday.

The email system has been designed by the National Information Centre and works on Zero Trust Authentication.

Under Zero Trust Authentication, users and devices are not trusted as a default setting even if they are connected to a pre-approved network or even if previously verified.

The development comes in the backdrop of the growing cyber security attacks targeting critical installations and government websites, such as the cyberattack last year on the database of the All India Institute of Medical Sciences in Delhi.

Also read: Stolen fingerprints, empty bank accounts: How customers are paying for gaps in Aadhaar