New Delhi: A startling twin data-wipe incident at the Indian Council of Agricultural Research (ICAR) and its recruitment body, the Agricultural Scientists Recruitment Board (ASRB), has triggered serious concerns over systemic vulnerabilities, potential insider involvement and the possibility of a larger cover-up. Sensitive data vanished first from ICAR’s primary server in New Delhi in February, and within days, an identical wipe-out occurred in the backup system stored at the Disaster Recovery Centre (DRC) in Hyderabad.
Despite clear government protocols, the institution reported the matter late, refrained from issuing any detailed official statement, and initiated formal inquiry procedures only after weeks of delay — developments that have fuelled suspicion that this was more than a routine cybersecurity lapse.
How the ICAR–ASRB Data Disappeared
According to officials familiar with the matter, the first indications of a breach surfaced in early February, when recruitment and evaluation documents maintained by the ASRB became inaccessible. At first, the disruption was assumed to be a temporary technical fault. But preliminary checks quickly revealed that several key files had been erased from the Delhi server.
What deepened the crisis was the discovery, days later, that the Hyderabad DRC — which is meant to act as the final safeguard against system failure — had an identical set of deletions. The simultaneous loss of primary and backup datasets is seen by cybersecurity professionals as highly unusual and extremely difficult to execute without deliberate intervention.
Experts point out that such matching patterns of deletion are not characteristic of common system errors or random glitches. The incident, they say, points either to a deep-level targeted cyberattack or to internal interference by an individual with high-level administrative access.
What Data Went Missing
The data erased from the ICAR–ASRB ecosystem covered several critical operational functions, including:
- Recruitment applications and candidate records
- Eligibility assessments, evaluation sheets and interview marks
- Key documents related to research projects
- Vigilance and disciplinary records
- Internal communication logs and administrative files
These records form the backbone of ICAR’s recruitment, research oversight and institutional governance framework. Their disappearance raises questions not only about the integrity of ongoing processes, but also about past selections, assessments and project monitoring.
Silence From India’s Top Agricultural Research Body
One of the most contentious aspects of the episode has been ICAR’s muted response. Despite the scale of the incident, the institution did not issue an immediate public statement. Sources indicate that the mandatory reporting to central cybersecurity agencies was also delayed, in violation of standard protocols that require immediate notification in cases of data breach or deletion.
Experts call this delay a “serious procedural lapse.”
According to a senior cybersecurity analyst:
“When both primary and backup servers show identical data loss, it is a clear red flag. Such a situation warrants instant escalation and a coordinated response. ICAR’s slow and guarded reaction is unusual for an incident of this magnitude.”
Delays, Missing Logs and Fear of a Cover-up
By March, the pattern of the deletions had become clearer, but the formation of a formal inquiry committee within ICAR reportedly took longer than expected. Meanwhile, several essential system logs — crucial for forensic examination — were not preserved in time, weakening the prospects of a full technical audit.
These lapses have intensified concerns among experts that the data erasure may not have been accidental. Some believe the deletions may have been intended to remove sensitive information related to recruitments, evaluations or vigilance matters. While no official confirmation has been provided, the possibility of insider involvement remains open.
Is the Cyberattack Angle Still Valid?
Technical teams have not ruled out the possibility of an external cyberattack. However, they have found no clear evidence of widespread intrusion, ransomware signatures or system compromise typically associated with major cyber offensives.
Even so, some specialists believe that if a cyberattack did occur, it would have been highly sophisticated and specifically designed to target selected records without triggering large-scale alerts.
What Next?
The twin data wipe has exposed glaring weaknesses in the cybersecurity and administrative oversight mechanisms of one of India’s most critical research institutions. As ICAR plays a central role in shaping agricultural policy, research and human-resource capacity, the loss of such critical data is expected to have long-term implications.
Calls for a high-level, independent investigation are growing. Experts emphasize that unless ICAR provides a transparent account and preserves all remaining digital evidence, questions over whether this was a cyber breach or an orchestrated clean-up will continue to loom.
