A threat actor has emerged on the dark web, purporting to vend a trove of sensitive documents and data obtained from an Indian government ministry server. The illicit sale encompasses a comprehensive array of personal information belonging to Indian citizens. Among the data offered are records from approximately 120,000 users, including phone numbers, email addresses, and passwords. Additionally, the sale includes 60,000 lines of data detailing individuals’ names, along with the names of their parents, birth details, and contact information. Furthermore, the actor claims to possess 60,000 profile photos, as well as bankproof and CardID photos. This disclosure underscores the severity of the breach and the potential implications for the affected individuals’ privacy and security.