French shipbuilder DCNS was hit with a massive data breach, resulting in classified data, pertaining to India's $3.5bn (£2.6bn) Scorpene submarines having been leaked. Over 22,000 documents have been leaked online, detailing the combat capabilities of the new six-boat submarines, which poses a major national security risk to India.
The breach may also impact the national security of Brazil, Chile and Malaysia, all of whom already operate Scorpene. Additionally, Australia may also be under risk of similar leaks, given DCNS's A$50bn (£28.8bn; $38.12bn) contract to build a new fleet of submarines for the country's naval defence, The Australian reported. The Scorpene submarine is widely considered to be one of the most advanced of its kind, and is believed to be designed to evade detection underwater. However, the leaked documents allegedly completely expose Scorpene's technical and combat capabilities, including sonar powers.
A spokesperson for DCNS told ZDnet, "As a serious matter pertaining to the Indian Scorpene program, French national authorities for Defence security will formally investigate and determine the exact nature of the leaked documents."
The firm also confirmed there was no connection between India's submarines and those pertaining to the Australian submarine programme. "The matters in connection to India have no bearing on the Australian submarine program which operates under the Australian government's arrangements for the protection of sensitive data," the DCNS spokesperson added.
According to Indian publication The Hindu, India has launched a probe into the leaks. "I have asked the Navy Chief to investigate the matter and find what has been leaked and how much of it is about us," said India's Defence Minister Manohar Parrikar, who characterised the data leak as "a hacking".
It is still unclear if the data leak is a result of a targeted cyberespionage campaign. The leaks have not yet been attributed to any threat actors or hacker groups. It is also still uncertain as to whether the data leak originated from France or India.
DCNS maintains it was only the "provider and not the controller of technical data" connecting to sensitive information in India. However, according to unnamed sources, the leak originated from France in 2011 and contains information on DCNS projects unrelated to India.
The Indian Navy said in a statement, "The available information is being examined at Integrated Headquarters, Ministry of Defence (Navy) and an analysis is being carried out by the concerned specialists. It appears that the source of leak is from overseas and not in India," the Indian Express reported.
The leaked data includes 4,457 pages on the submarine's underwater sensors, 4,209 pages on its above-water sensors and 4,301 pages on its combat management system. Another 493 pages contain data on the submarine's torpedo launch systems and specifications, 6,841 pages on communications system and 2,138 on its navigation systems. The documents could prove to be an intelligence treasure trove, if procured by India's neighbours Pakistan and China.