What is ORBO and what does it do?

ORBO (Organ Retrieval Banking Organisation) is a medical organization owned by The All India Institute of Medical Sciences (AIIMS) in New Delhi that manages voluntary organ donor information and coordinates organ donation activities across India.

When was the ORBO security vulnerability discovered?

The security vulnerability in the ORBO website was discovered by independent security researcher Aniket Tomar in mid-May 2025. The vulnerability was reported to the Computer Emergency Response Team (CERT-In) for remediation.

What sensitive information was exposed in the ORBO incident?

The exposed data includes full names of donors, complete residential addresses, dates of birth, blood group information, mobile phone numbers, emergency contact details, medical and health profiles, and identity verification documents of voluntary organ donors across India.

Who discovered the ORBO security flaw?

The security vulnerability was discovered by independent security researcher Aniket Tomar in mid-May 2025. Tomar responsibly disclosed the flaw to the Computer Emergency Response Team (CERT-In) to ensure proper remediation of the security issue.

How was the ORBO security vulnerability resolved?

After Aniket Tomar reported the flaw to CERT-In, the Computer Emergency Response Team responded on June 18, 2025, confirming that the security flaw was mitigated and the exposed donor data was secured, ending the unauthorized access vulnerability.

Who was affected by the ORBO data exposure?

The incident affected voluntary organ donors nationwide across India who had registered their information with ORBO. The exact number of affected donors has not been disclosed, but the exposure potentially impacted all donors whose information was stored in the vulnerable database system.

What should organ donors do about the ORBO data exposure?

Organ donors who registered with ORBO should monitor their personal information for any misuse, be cautious of unsolicited communications referencing their donor status or medical information, and contact ORBO or AIIMS if they notice any suspicious activity related to their donated personal information.

Incident

Indian Organ Retrieval Banking Organisation exposes organ donor information

Q: What is the ORBO data exposure incident?

The Organ Retrieval Banking Organisation (ORBO) website, owned by The All India Institute of Medical Sciences (AIIMS) in New Delhi, was found to be exposing sensitive information of voluntary organ donors nationwide due to a security vulnerability that allowed unauthorized access to donor databases without requiring authentication credentials.

Q: What caused the ORBO data exposure?

The data exposure was caused by a security vulnerability in the ORBO website that allowed unauthorized access to sensitive donor databases without requiring any authentication credentials. This meant anyone could potentially access the private donor information stored on the system.

published: July 27, 2025

Learn More

The Organ Retrieval Banking Organisation (ORBO) website, managed by The All India Institute of Medical Sciences (AIIMS) in New Delhi is reported to be exposing sensitive information of voluntary organ donors nationwide.

The cause of the data exposure was a security vulnerability in the ORBO website that allowed unauthorized access to sensitive donor databases without requiring any authentication credentials. The vulnerability was discovered by independent security researcher Aniket Tomar in mid-May 2025.

Exposed data includes:

Full names of donors
Complete residential addresses
Dates of birth
Blood group information
Mobile phone numbers
Emergency contact details
Medical and health profiles
Identity verification documents

Tomar reported the flaw to the Computer Emergency Response Team (CERT-In). On June 18, 2025, CERT-In responded to Tomar that the security flaw was mitigated, and the exposed data was secured.

Indian Organ Retrieval Banking Organisation exposes organ donor information

Read More
Mohawk Valley Cardiology reports data breach exposing data …
California Cryobank reports data breach
Akumin radiology and oncology reports ransomware attack and …
UC San Diego Health reports data breach caused …
Texas Digestive Specialists hit by InterLock ransomware, exposing …