A recent data breach targeting India’s Ministry of Food Processing Industries and Ministry of Health & Family Welfare has been claimed by a threat actor known as ‘Fredens-of-security’ on BreachForums. On August 10, 2023, Fredens-of-security asserted responsibility for the breaches, stating that a significant amount of data had been compromised. However, further examination of the details has raised doubts about the authenticity of these claims.
According to the information shared by Fredens-of-security, the data breach involving the Ministry of Food Processing Industries consisted of a dataset amounting to 4.5GB, allegedly containing 3 million records. This data reportedly included sensitive information such as phone numbers, email addresses, and house numbers. While Fredens-of-security provided a sample of the compromised data, they did not provide access to the complete dataset.
Upon closer investigation of the sample data, it was discovered that the compromised information possibly originated from the District Resource Person (DRP) and District Nodal Officer (DNO) contacts list, which is publicly available on the Ministry’s website. This raises doubts about the authenticity of the claimed Food Processing Ministry data breach.
In addition to the Food Processing Ministry breach, Fredens-of-security also claimed responsibility for breaching the Ministry of Health & Family Welfare. They purportedly accessed a 1.9GB SQL file containing 1 million records, which included private information like email addresses, telephone numbers, full names, and home addresses. Similar to the Food Processing Ministry breach, only sample records were provided, and the complete dataset was not made available.
An open-source search for the sample data from the Ministry of Health breach revealed that it was connected to the Rehabilitation Council of India and was already publicly accessible via the council’s website. This further raises questions about the authenticity of the claimed breach.
To verify the validity of these data breaches, The Cyber Express reached out to the concerned ministries for comments. However, an official response is yet to be received. The assertions made by Fredens-of-security regarding the breaches in Indian ministries have generated significant concern and demand careful consideration, especially as the country approaches its 77th Independence Day on August 15th.
Confirmation of the threat actor’s claims is still pending, and further updates will be provided upon receiving a response from the alleged breached ministries.
Please note that this report is based on internal and external research, and the information provided is for reference purposes only. Users are advised to exercise caution and bear full responsibility for their reliance on this information. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
In conclusion, while a threat actor has claimed responsibility for the data breaches targeting India’s Ministry of Food Processing Industries and Ministry of Health & Family Welfare, doubts have been raised about the authenticity of these claims. While waiting for official responses from the ministries involved, it is important to remain vigilant and investigate the veracity of these breaches to protect sensitive data and ensure cybersecurity.