When the Indian Council of Agricultural Research (ICAR) discovered in late February that critical data stored on its primary server in New Delhi had vanished, the alarm was muted. No public disclosure followed; no police complaint was filed. Days later, the backup server—housed hundreds of miles away at a disaster recovery center in Hyderabad—also went dark, its contents wiped just as mysteriously.
What disappeared was not simply digital paperwork. Recruitment files, scientist profiles, project dossiers, interview assessments—documents that chronicle how India identifies, hires, and evaluates its agricultural scientists—were suddenly gone. And the institutions responsible for stewarding them, ICAR and its recruitment board, the ASRB, remain unable to explain how both the primary and backup systems failed nearly simultaneously.
Months after the breach, and only after the Prime Minister’s Office was briefed, an internal six-member committee was formed in July. By then, the data was already lost, the actions taken were limited, and the speculation—in research circles and beyond—was well underway.
A Timeline Marked by Silence and Delay
According to individuals familiar with the internal probe, the first signs of trouble emerged on February 28, when New Delhi’s main server began malfunctioning. Instead of triggering an emergency protocol or notifying authorities trained to respond to intrusions, administrators attempted to troubleshoot internally. Days later, the Hyderabad backup server also suffered a wipe-out.
Despite managing a vast digital infrastructure and a budget of more than ₹10,000 crore, ICAR went months without filing an FIR. The episode remained largely hidden within the organization, even as scientists reliant on the missing data began encountering inexplicable gaps in their files and communications.
Only in July—four months after the data vanished—did ICAR assemble a committee to investigate. The members were senior ICAR officials, none with a background in cybersecurity. The panel’s mandate: determine whether the deletion was accidental or intentional, and propose measures to prevent future losses.
By then, the leadership at the top had shifted. ML Jat, who took over as Director-General of ICAR in April, acknowledged that alerts had been missed and maintenance protocols ignored. His predecessor, Himanshu Pathak, had moved to head the International Crops Research Institute for the Semi-Arid Tropics (ICRISAT) in Hyderabad.
Speculation Grows as Missing Data Touches Recruitment Nerves
For a community of scientists accustomed to rigid procedures and precise documentation, the timing and nature of the deletions quickly raised suspicions. Recruitment within ICAR and ASRB is not merely bureaucratic; it shapes the nation’s agricultural research ecosystem. Each scientist selected joins a system responsible for developing crops, assessing climate impacts, and improving yields for millions of farmers.
The stakes are high—and so are the pressures.
Venugopal Badarwada, a former ICAR governing body member, wrote to Prime Minister Narendra Modi alleging that the deletions were deliberate, potentially linked to irregularities in recruitment. He pointed to the significant financial and administrative weight attached to each selection, arguing for a complete audit of recruitment decisions since 2014.
ICAR’s current leadership dismissed the allegations as unfounded, yet acknowledged that four individuals had faced internal action and that the cause of the wipe-outs remained under investigation.
The fact that the Hyderabad backup failed after the Delhi server incident continues to unsettle experts. Disaster recovery systems are designed precisely to prevent such losses. That both servers succumbed in quick succession—without triggering robust defensive actions—has left many questioning whether negligence alone could explain the collapse.
An Inquiry Without Answers, and an Institution Under Scrutiny
The internal committee leading the probe is headed by a deputy director general specializing in crop sciences rather than digital security. That choice, critics argue, reflects a broader pattern: the system designed to support India’s scientific advancement may be ill-equipped to protect the very data that underpins it.
Independent cybersecurity experts say that without forensic analysis—a process requiring immediate data capture, server imaging, and external oversight—the possibility of uncovering a definitive cause diminishes significantly over time. With months already lost, crucial evidence may have evaporated.
Inside ICAR, the loss of recruitment files has forced administrators to reconstruct records piecemeal. For scientists awaiting interviews, promotions, or postings, the wipe-out has introduced uncertainty into a process normally governed by meticulous documentation.
Outside the institution, the breach poses deeper questions about governance. How did an agency central to India’s agricultural future suffer such a profound digital failure? Why were alerts ignored, backups not secured, and authorities not notified? And what does it mean for institutions whose credibility depends on transparency and trust?
For now, the investigation continues—slowly, internally, and without the clarity that many in India’s agricultural research community believe is essential. As the country faces increasingly complex challenges in food security and climate resilience, the episode has underscored a sobering truth: the integrity of scientific systems depends not only on research, but on the infrastructure that protects it.
