
Close to 900 million Indian police data records, including First Information Reports (FIRs) and records of court proceedings, are up for sale on a data breach forum that trades in leaked data. This is not an everyday data leak, because it contains a large amount of sensitive data from government agencies. A leak like this would not be possible without the help of an insider, or else the data was stored on a third-party server that was breached, although no reports confirming either have been published so far.
A user who goes by the handle "Talimon" posted what appear to be samples of FIRs, legal case reports, court cases, and more. The data breach totals nearly 600 GB, but the source of the leaked information has not yet been identified.
According to the user, the leaked data is OCR output in JSON format and contains links to the original PDF files. OCR, or Optical Character Recognition, allows machines to identify text in images, which could mean that these documents were scanned. The post also contains two sample images showing an FIR and an accused person's list in various states.
Data leaks have increased drastically in recent years because of digitalization. Digitalization is not a bad thing in itself, but it comes with a great responsibility to handle such large amounts of data securely, especially in a country as populous as India, which could be called a data paradise for any hacker. The sale of this legal data further focuses attention on the need for strict measures to protect sensitive information.
Indian agencies need to take immediate action on this data leak and probe the source for any more such sensitive information, so that information that has not yet been uploaded can be contained and secured from any further sale. The sources should then be investigated, and immediate action must be taken against them.
Here are some images of the data that was leaked and disclosed in the public domain. (Disclaimer: the images are blurred to maintain privacy.)


The leak contains a total of 900 GB of data, which includes 900M data entries. It includes:
- names of accused
- gender
- age
- father's or spouse's name
- address
- PS of residence
- district
- PS name
- case or GDE reference
To protect themselves, organizations are advised to harden their sensitive data and systems: use strong passwords, implement multi-factor authentication, keep software and firmware up to date, monitor internal networks for signs of suspicious activity, and watch for insider threats that could cause problems in the future. The preservation of such sensitive data must be taken into account, and there should be a protocol for managing such data leaks and securing the compromised server as quickly as possible to prevent the breach from spreading further.

