Massive CCTV Data Breach in India Exposes Weak Password Security and Raises Serious Cybersecurity Concerns Nationwide

A shocking cybercrime case at Rajkot's Payal Maternity Hospital reveals how one weak password, "admin123" resulted in one of India's most alarming privacy breaches. It began as a little act of negligence evolved into a big data theft strike, exposing thousands of private surveillance systems across the country.

Hackers allegedly accessed the hospital's CCTV system with the default administrator credentials and captured very sensitive footage from the gynaecology ward. These videos were then sold online and distributed across worldwide fetish networks, placing patients' privacy at considerable threat.

Investigators revealed that almost 50,000 video clips were gathered during a nine-month period (January to December 2024) before the main suspects were captured in early 2025. However, the research revealed that the problem extended far beyond Rajkot. During the investigation, officials discovered over 80 corrupted CCTV dashboards in major cities including Mumbai, Pune, Delhi, Surat, Ahmedabad, and even small towns. The stolen feeds were not restricted to hospitals, hackers had accessed cameras in schools, offices, factories, and private houses throughout 20 states. Despite the arrests, investigators discovered that videos were still being sold online until mid-2025.

According to the Ahmedabad cybercrime division, the attack was carried out using brute force attacks, which are automated software that guesses usernames and passwords until it finds the correct one. The suspect, Parit Dhameliya, a BCom graduate, utilized hacking tools to gain access to vulnerable cameras, while the other guy, Rohit Sisodiya, posed as a technician to watch live video feeds using a remote viewing app. Once there, they could monitor and capture video in real time without the victims ever realizing their privacy had been violated.

This event has highlighted the nation's inadequate digital security hygiene and a lack of knowledge about fundamental cyber protection techniques. Experts believe that many clinics, offices, and houses employ factory-set passwords and unprotected video systems, making them vulnerable to hackers. The Payal Hospital data theft has generated concerns about mandating cybersecurity checks for healthcare and public entities. Investigators are collaborating with cybercrime units across states to locate further infected networks and erase leaked content from web sites.

The respondents have been charged under the Information Technology Act and the Indian Penal Code with privacy infringement and cyber exploitation. This example serves as a stark reminder that even a single weak password may inflict significant damage, compromising not only personal data but also national digital security. Strengthening password restrictions, updating devices, and raising public awareness are more vital than ever in protecting India's expanding digital ecosystem.

Information referenced in this article is from The Economic Times