
In the latest incident of data breaches affecting government systems, the SPARSH portal, dedicated to the pension processing of defence personnel, recently fell victim to a security breach.
SPARSH Overview
SPARSH is a digitized pension processing system that provides online pension-related services to more than 3 million pensioners from 50 different organizations. This includes entities such as the Border Roads Organization and Military Intelligence.
Nature of the Breach
While specific details about the breach were not disclosed, a message on Telegram indicated that sensitive information such as usernames, passwords, pension numbers, and more might have been compromised.
Immediate Actions Taken
CERT-In, in response to an inquiry from Business Standard, mentioned that they are actively working on addressing the issue and taking appropriate actions with the concerned authorities.
User Impact
Several retired service personnel reported difficulties accessing the portal following the breach, highlighting the immediate consequences for users.
Dark Web Sale of Data
Threat actors have taken advantage of the breach by offering the leaked data for sale on the dark web and platforms like Telegram, including some Russian marketplaces.
SPARSH Services and Significance of the Breach
The SPARSH portal provides crucial services such as Personal Data Verification (PDV) and life certificate verification, relying on the biometric data of pensioners. Additionally, it maintains a repository of essential pension-related documents, underscoring the significance of the data leak.
Larger Context
This incident is part of a series of data breaches affecting government portals in India in recent months. In October of the previous year, the Indian Council of Medical Research experienced a massive data breach, where personally identifiable information of 815 million Indians was offered for sale on the dark web.