The Cyberabad Metropolitan Police on Saturday, 1 April, said that they had arrested a man for allegedly procuring and selling the personal data of 66.9 crore individuals, as well as organisations, across 24 states and eight metros.
According to the police, the accused — Vinay Bhardwaj — used social media platforms to resell the data to fraudsters for profit.
“We received a complaint a few months ago about the accused. Based on that we started investigating and arrested the accused from Faridabad. We are searching for two more accused (Amer Sohail and Madan Gopal),” Cyberabad DCP (Cyber Crimes) Riti Raj told South First.
This comes after the Cyberabad cops, on 23 March, arrested seven people for allegedly procuring and selling the personal data of 16.8 crore individuals, as well as confidential government and organisational data.
Who were targetted?
The cops said that the accused were selling information across 104 categories. This includes data of 51.9 crore individuals and organisations in 44 categories.
As per the police, the accused has been caught with data of students of edtech firms Byjus and Vedantu.
He also possesses the data of 1.84 lakh cab users of eight metro cities and data of 4.5 lakh salaried employees of six cities and Gujarat.
“He holds consumer/customer data of major organisations like GST (pan India), RTO (pan India), Amazon, Netflix, YouTube, Paytm, PhonePe, BigBasket, BookMyShow, Instagram, Zomato, Policy Bazaar, Upstox, and others,” the police said.
The accused also had data of defense personnel, government employees, PAN card holders, Class 9, 10, 11, and 12 students, senior citizens, Delhi electricity consumers, D-Mat account holders, mobile numbers of various individuals, NEET students, high-net-worth individuals, insurance holders, credit and debit card holders.
Also Read: Hyderabad complaint helps cops nab Noida gang selling data
“Data of NEET students with their names, father’s name, mobile number, their residences was also found with these accused. PAN card database containing sensitive information on income, email IDs, phone numbers, address, etc, was also found. Data of government employees containing information on their name, mobile number, category, date of birth, etc, was also found,” the police said.
Along with this, data of car owners, job aspirants’ data, real estate, constructions, manufacturing and industrial, frequent flyer travel details, NRI database, etc, was also identified with them.
Also Read: AIIMS cyber attack: Tharoor asks govt to ensure citizens’ data safety
His modus operandi
As per the police, Bhardwaj opened an office in Faridabad, Haryana, and collected databases from Amer Sohail and Madan Gopal.
Bhardwaj was operating through a website called “Inspire Webz” in Faridabad, Haryana, and was selling the data to clients through cloud drive links.
As per the cops, he has been selling data for the last eight to 10 months.
Two mobile phones, two laptops and confidential data across 135 categories have been seized from Bhardwaj.
Data and its source
Among the states, the accused had highest share of data from Uttar Pradesh — 21.39 crore. This was followed by Maharashtra (4.5 crore), Delhi (2.7 crore), Rajasthan (2 crore),Punjab (1.5 crore), Madhya Pradesh (1.1 crore) and Haryana, and Bihar (one crore each).
From the Southern states, the accused had highest share of data from Andhra Pradesh (2.1 crore) followed by Karnataka (2 crore), Kerala (1.57 crore), Tamil Nadu (1.02 crore), Chennai (70 lakh), Bengaluru (60 lakh) and Hyderabad (56 lakh).
Among other major sources of data, the accused also had 3.47 crore domain data, three crore mobile numbers data, two crore community-wise data, and two crore students data.