Hyderabad, March 23 (PMI): Cyberabad Police has arrested a gang involved in committing theft, procuring and selling of sensitive and confidential data of Government and important organisations and also personal and confidential data of 16.8 crore citizens.
The accused have been found selling different categories of information exceeding over 140 categories that includes some of the important and sensitive categories like details of defence personnel, mobile numbers of citizens, NEET students, Energy & Power sector, PAN card data, Government employees, Gas & Petroleum, HNIs, D-MAT accounts, students database, woman database, Bangalore women consumer data, data of people who have applied for loans, insurance, credit card and debit card holders of AXIS, HSBC and other banks, WhatsApp users, Facebook users, IT organisation employees, frequent flyers and so on. The accused are selling the data through Just Dial and similar platforms.
When any individual calls the toll-free numbers of JustDial and ask for any sector or category related confidential data of individuals, their query is listed and sent to that category of service provider. Then these fraudsters call those clients/ fraudsters and send them samples. If the client agrees to purchase, they make payment and are provided the data. This data is further used for committing crime.
In this case, the accused gang operated through registered and unregistered 03 companies Data Mart Infotech, Global Data Arts and MS Digital Grow. Sensitive data of defence personnel containing their ranks, email ids, place of posting, and so on was found available with these accused. Data of NEET students with their names, father’s name, mobile number and their residence is also found with these accused. PAN Card database containing sensitive information on income, email ids, phone numbers, address was also found. Data of government employees containing information on their name, mobile number, category, date of birth was also found. Gas and Petroleum companies’ database with the names, mobile number, email ids, address etc of franchisees was found.
Further, mobile number database of 03 crore individuals probably leaked from Telecom Service providers with order number, service start date, segment details, billing details account number, SIM number etc was also found which can be used for committing various crimes.
Further, the data of customers from reputed financial institutions like Axis, HSBC and so on of credit card and debit cards containing information on account details like name, account number, income, transaction details, mobile number, address was found. Data of WhatsApp user of 1.2 crore individuals with their state details were found. Data of Facebook users of 17 lakh individuals with information on login id, IP city, age, email id, phone number etc was also found.
The sensitive data can be used for unauthorised access to important organisations and institutions. The data of defence and government employees can be used for espionage, impersonate and commit serious offences which may jeopardise the National Security. The data related to PAN card can be used to commit serious offences. The data is being used to commit large number of cyber crimes by gaining confidence with victim by disclosing the information.
Principal accused Kumar Nitish Bhushan established a call centre in Noida, UP and collected credit card data bases from accused No. 5 Muskan. He used Justdial and other social media platforms to resell the data to fraudsters for profits.
A2 Kumari Pooja Pal worked as a tele-caller at A1’s call centre. A3 Susheel Thomar worked as a data entry operator at A1’s call centre. A4 Atul Pratap Singh collected data of credit card holders and sold it on a profit basis through his company “Inspiree Digital”. A5 Muskan Hassan previously worked as a tele-caller at A4’s office. Now, by establishing the company “MS Digital Grow”, she sells data as a mediator. In this case, A1 procured data of card holders from A5, whereas A5 arranged that data from A4. A6 Sandeep Pal established Global Data Arts and used Justdial services and social media platforms to sell customers’ confidential data to fraudsters, who are indulged in cyber offences. A7 Zia-Ur-Rehman provides bulk messaging services for promotions and also shared the Data base to A4 & A1.
The Cyberbad police seized 12 mobiles phones, three laptops, two CPU’s, mails and tax invoices of Justdial and data of 138 categories containing sensitive information of government, private organisation and individuals.
Cyber police found that private organisations are collecting data both with consent and without the knowledge of the individuals. There is no data privacy or protection policy by most of these private organisations, who possess and process the data of individuals. The organisations providing digital services are also capturing many information of individuals without their consent or without any means of information to the individuals informing of the type and amount of data being collected from their devices while providing services.
Private organisations like financial institutions, social media intermediaries, e-commerce platforms, search engine websites, contact details directory service providers like JustDial, etc collect various personal and confidential information of individuals while providing services and without consent of the individuals while their websites or applications are being used. These private organisations do not have a proper legally sound data protection or privacy policy to collect, process and store the confidential, personal and sensitive data of individuals. The private organisations do not have secure systems and networks to ensure protection of personal and confidential data they hold of individuals.
These private organisations do not have legally sound policy for sharing the personal, confidential and sensitive data of individuals to their third-party vendors for availing various services. It is noticed that most of the times there is data theft being committed at these vendor levels. The private organisations sharing the personal data of individuals with their vendor organisations do not have a proper policy or process in place for verification of vendor antecedents and security of their systems holding the data.
Since such data is available in the open market through organisations like JustDial and others, a high number of fraudsters are abusing it to commit cases of cyber crime. Possession of this data helps them build trust and confidence with the victims with which they convince them to part with their money.
The cyber police advised the general public to approach police or Law Enforcement Agencies whenever you find that your private and confidential data has been misused by private companies. Do not share your personal information with unknown individuals or websites, especially financial information such as credit card numbers and banking details.
While using any services in person or on digital platform know from the service provider the information they are collecting and the purpose and use of that data by those companies. Use privacy settings before using any mobile device, computers, applications, websites or search engines. Use privacy settings for privacy and information protection on social media platforms.
While downloading any application, understand the permissions sought by them to access information on your device. Fraudulent applications seek permission to access personal information like contact details, media files (images, videos, etc) which will be used further to commit different crimes. Please intimate Police whenever you find that an application is seeking permission to access more information than is required to provide any service.
Use unique, complex passwords for each of your online accounts and update them regularly to ensure your accounts remain secure. Ensure your operating system, software and applications are updated regularly, as software updates often include security patches to protect against cyber threats. Install reputable antivirus software and keep it updated to protect your devices from viruses, malware and other online threats. Stay alert for suspicious activities such as unexpected emails or calls asking for personal information or payment details. Report any suspicious activity to the appropriate authorities. Do not download any remote service application like AnyDesk, Quick viewer, Team support etc on devices that have payment options enabled. Stay informed about the latest cyber security threats and best practices by reading news articles, blogs and other resources.
ADVISORY TO THE PUBLIC:
- Please approach Police or Law Enforcement Agencies whenever you find that your private and confidential data has been misused by private companies.
- Do not share your personal information with unknown individuals or websites, especially financial information such as credit card numbers and banking details.
- While using any services in person or on digital platform know from the service provider the information they are collecting and the purpose and use of that data by those companies.
- Use privacy settings before using any mobile device, computers, applications, websites or search engines.
- Use privacy settings for privacy and information protection on Social Media platforms.
- While downloading any application, understand the permissions sought by them to access information on your device. Fraudulent applications seek permission to access personal information like contact details, media files (images, videos, etc) which will be used further to commit different crimes. Please intimate Police whenever you find that an application is seeking permission to access more information than is required to provide any service.
- Use unique, complex passwords for each of your online accounts, and update them regularly to ensure your accounts remain secure.
- Ensure your operating system, software and applications are updated regularly, as software updates often include security patches to protect against cyber threats.
- Install reputable antivirus software and keep it updated to protect your devices from viruses, malware and other online threats.
- Stay alert for suspicious activities such as unexpected emails or calls asking for personal information or payment details. Report any suspicious activity to the appropriate authorities.
- Do not download any remote service application like AnyDesk, Quick viewer, Team support etc on devices that have payment options enabled.
- Stay informed about the latest cyber security threats and best practices by reading news articles, blogs and other resources.(PMI)