The Ministry of Electronics and Information Technology (MeitY) has reportedly directed the Indian Computer Emergency Response Team (CERT-In) to investigate the extent of Indian data compromised in what is being described as one of the largest global data breaches to date. The breach reportedly involves the leak of user credentials and sensitive information linked to approximately 16 billion digital accounts.
CERT-In has been asked to coordinate with intermediaries, data centres, corporations, and government entities to ascertain the presence and scale of Indian user data within the compromised records.
Further, the breach is believed to affect accounts across major platforms, including Apple, Google, Facebook, GitHub, Telegram, and several government services. The discovery indicates the data was dispersed across 30 databases and likely obtained via infostealer malware over an extended period, beginning January 2025.
MeitY had previously issued stringent cybersecurity norms in 2022, mandating that all cyber incidents be reported to CERT-In within prescribed timelines. These guidelines require detailed
disclosures on the nature of the breach, affected systems, and user notifications. Additionally, companies are obligated to maintain 180 days of IT system logs stored within India, which must be submitted to CERT-In when requested during investigations.
