Segment 12 — CLASSIFIED

SOCIAL INFRASTRUCTURE

Education Systems | Personal Data | Media & Journalism | Digital Influence Operations

300+

Pegasus Victims

Journalists & Activists confirmed

200K

CBSE Records Sold

2018 breach, 2019被发现

38M

DIKSHA/NTA Exposed

Jan 2023 data leak

100+

BJP G Cell Personnel

Digital influence operations

Education Sector Breach Timeline

Pegasus/NSO Group Infections

Digital Influence Infrastructure

Personal Data Exposure by Category

Threat Assessment

Personal Data Risk

MINIMALLOWMODERATEHIGHCRITICAL

Threat Assessment

Education Sector Risk

MINIMALLOWMODERATEHIGHCRITICAL

Threat Assessment

Media Surveillance Risk

MINIMALLOWMODERATEHIGHCRITICAL

Case Studies

CBSE Examination Data Leak 2018

India Central Board of Secondary Education

MAR 2018

Hackers breached CBSE servers and sold 200,000 student records including Aadhaar numbers, PAN numbers, and contact details of students who appeared for 10th and 12th board examinations.

Data sold on dark web forums for Rs 500-2000 per record

Records included Aadhaar, PAN, addresses, phone numbers

Affected students from 10th and 12th standard

CBSE forced to issue duplicate mark sheets

IMPACT:200,000 students affected

DIKSHA Platform Breach Jan 2023

National Digital Education Infrastructure

JAN 2023

Security researcher discovered 37.9 million student and teacher records exposed via unprotected API endpoints on the government-run DIKSHA platform.

Unprotected Elasticsearch cluster publicly accessible

Records included student names, ages, school details

Teacher data including professional information

Data remained exposed for 3 weeks before discovery

IMPACT:37.9M records exposed

NTA JEE/NEET/CUET Breaches

National Testing Agency

2021-2024

Multiple breaches affecting India's premier entrance examinations. OROP data from 2021 leaks resurfaced in 2023. Students' data including results and personal information sold on dark web.

JEE Main 2021 data sold on dark web forums

NEET 2021 OROP records leaked

CUET 2022 data discovered in breach

Unified Paper Reference database exposed

IMPACT:5M+ students affected

Pegasus Spyware Infections

NSO Group / Israeli Cyberweapons

2019-2022

Amnesty International and Forbidden Stories investigation confirmed 300+ Indian targets including journalists, activists, opposition politicians, and business leaders were infected with Pegasus spyware.

Targeted: Rajdeep Sardeshi, Sanjay K. 媒介

Activists: Anand Teltumbde, Nandan Jha

Opposition figures and business leaders

Govt denied procurement, NSO maintained client list

IMPACT:300+ confirmed victims

BJP G Cell Digital Operations

Bharatiya Janata Party Cyber Wing

2014-2024

Investigative reports revealed the BJP's dedicated social media operation with 100+ personnel running coordinated inauthentic behavior across platforms to manipulate public discourse.

100+ dedicated personnel identified

Operates across Twitter, FB, WhatsApp, YouTube

Uses booth-level worker coordination

Patterns of coordinated inauthentic behavior documented

IMPACT:Multi-platform influence

Journalist Surveillance Network

State-Sponsored Hacking Collective

2017-2024

Multiple journalists including those investigating military matters, corruption, and human rights violations were targeted with spyware, phishing campaigns, and physical surveillance.

Siddiqui, Mandeep Punia under surveillance

Phishing attacks via WhatsApp links

Phone numbers listed in dark web data

Some attacks linked to state actors

IMPACT:50+ media professionals

Key Findings

Aadhaar Data Aggregation Risk

Biometric data linked to Aadhaar creates permanent identity theft risk. Once compromised, cannot be reset like passwords.

Exam Data Systemic Vulnerability

Multiple NTA/CBSE breaches indicate systemic security failures. No unified security framework across education technology infrastructure.

Spyware Proliferation Unchecked

Pegasus and similar tools continue to operate despite曝光. No domestic surveillance oversight mechanism exists.

Digital Influence Infrastructure

State and party-affiliated influence operations operate with minimal transparency or accountability.

Journalist Protection Gap

Media workers lack legal protection against state surveillance. No source protection laws effectively enforced.

Data Broker Ecosystem

Dark web markets actively sell Indian citizen data. No comprehensive data protection enforcement.

CRITICAL ALERT: Systemic Personal Data Exposure

Over 2 billion Indian citizens have had their personal data compromised across various breaches. Aadhaar, exam data, and financial information are actively sold on dark web markets. The absence of a comprehensive data protection law leaves citizens with no legal recourse. Journalist surveillance through Pegasus represents an existential threat to democratic discourse. Immediate legislative action and institutional reform are required to protect citizen privacy and press freedom.

CLASSIFICATION: TOP SECRET // COMPARTMENTEDCRyPTOMIZE INDIA THREAT INTELLIGENCE PLATFORMSEGMENT 12 // SOCIAL INFRASTRUCTURE