The Indian Council of Agricultural Research (ICAR) suffered a cyber attack in March 2025 that resulted in the loss of crucial data, including recruitment records (from Technical Officers to Deputy Directors General), job applications, research projects, email communications, and repository data. The breach compromised the main server in Delhi and its replication server at NAARM (Hyderabad), with a bulk of data removed from both. The attack disrupted ICAR’s operations, leading to an internal inquiry that identified negligence as a key factor. Consequently, ICAR removed the director of the data center (IASRI), transferred two Principal Scientists (one heading the Computer Applications Division, another leading the IT Unit), and faced scrutiny from CERT-In. The compromised data belonged to ASRB (recruitment), NAARM, and IASRI, severely impacting administrative and research functions.
TPRM report: https://www.rankiteo.com/company/icar-indian-council-of-agricultural-research
"id": "ica1602416102025",
"linkid": "icar-indian-council-of-agricultural-research",
"type": "Cyber Attack",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': ['Scientists',
'Job applicants (Technical '
'Officers to DDGs)',
'Research project contributors'],
'industry': 'Agriculture and Scientific Research',
'location': 'India',
'name': 'Indian Council of Agricultural Research '
'(ICAR)',
'type': 'Government Research Organization'},
{'industry': 'Agriculture and Data Science',
'location': 'Delhi, India',
'name': 'Indian Agricultural Statistics Research '
'Institute (IASRI)',
'type': 'Research Institute'},
{'industry': 'Agricultural Education and Research',
'location': 'Hyderabad, India',
'name': 'National Academy of Agricultural Research '
'Management (NAARM)',
'type': 'Academy'},
{'customers_affected': ['Job applicants (2024)'],
'industry': 'Government Hiring',
'location': 'India',
'name': 'Agricultural Scientists Recruitment Board '
'(ASRB)',
'type': 'Recruitment Board'}],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes PII of job applicants '
'and scientists)',
'type_of_data_compromised': ['Recruitment data',
'Research project data',
'Email communications',
'Job applications']},
'date_publicly_disclosed': '2025-07',
'description': 'A cyber attack in early 2025 resulted in the loss of crucial '
'data from the Indian Council of Agricultural Research (ICAR), '
'including recruitment records, research projects, and email '
"communications. The breach affected ICAR's main server in "
'Delhi and its replication server at NAARM in Hyderabad. '
'Following an inquiry, ICAR removed the director of the Indian '
'Agricultural Statistics Research Institute (IASRI) and '
'reassigned two Principal Scientists linked to the data '
'center. The incident prompted a high-level committee '
'investigation and involvement from CERT-In.',
'impact': {'brand_reputation_impact': ["Potential loss of trust in ICAR's "
'data security',
'Media coverage highlighting '
'negligence'],
'data_compromised': ['Recruitment records (Technical Officers to '
'Deputy Directors General)',
'Job applications (2024)',
'Research projects and submissions by '
'scientists',
'Email communications',
'Data from ASRB, NAARM, and IASRI'],
'identity_theft_risk': ['Risk to job applicants and scientists '
'whose PII was exposed'],
'operational_impact': ['Removal of IASRI director',
'Reassignment of two Principal Scientists',
'Disruption to ICT operations'],
'systems_affected': ["ICAR's main server (Delhi)",
'Replication server at NAARM (Hyderabad)',
'ICAR website',
'IASRI data center']},
'initial_access_broker': {'high_value_targets': ['ICAR main server (Delhi)',
'Replication server (NAARM, '
'Hyderabad)']},
'investigation_status': ['High-level committee report submitted (mid-August '
'2025)',
'CERT-In inquiry ongoing'],
'post_incident_analysis': {'corrective_actions': ['Leadership changes at '
'IASRI',
'Reassignment of key '
'personnel',
'Commitment to data '
'security improvements (per '
'ICAR Director-General)'],
'root_causes': ['Alleged negligence (per inquiry '
'committee)',
'Parallel IT units with '
'overlapping responsibilities '
'(Computer Applications Division '
'and IT Unit)']},
'ransomware': {'data_exfiltration': True},
'references': [{'source': 'The Indian Express'}],
'regulatory_compliance': {'regulatory_notifications': ['CERT-In inquiry '
'initiated']},
'response': {'communication_strategy': ['Media statements by ICAR '
'Director-General (Mangi Lal Jat)',
'No direct comments from '
'removed/reassigned officials'],
'incident_response_plan_activated': True,
'remediation_measures': ['Removal of IASRI director (Rajendra '
'Prasad)',
'Reassignment of Principal Scientists '
'(Sudeep Marwaha, K.K. Chaturvedi)',
'Interim leadership appointment (Dr. '
'Kairam Narsaiah)'],
'third_party_assistance': ['CERT-In investigation']},
'title': 'Cyber Attack on Indian Council of Agricultural Research (ICAR) '
'Leading to Data Loss',
'type': ['Data Breach', 'Cyber Attack']}