Institute of Chartered Accountants of India Suffers Alleged Breach According to Dark Web Reports

Key facts: The Institute of Chartered Accountants of India data breach

• Date reported: February 16, 2026.
• Unauthorized access identified: February 16, 2026 (data reportedly dates back to 2018).
• Target entity: The Institute of Chartered Accountants of India (icai.org).
• Source of breach: Unknown, unauthorized third-party.
• Data types: Personal details, database structures, and professional records.
• Status: Reported; alleged 8.3GB SQL file dump appeared on dark web forums.
• Severity: Medium; while the data may be legacy records, the volume of professional identifiers poses a risk for targeted social engineering.

Start continuous breach monitoring with UpGuard.

What happened in the The Institute of Chartered Accountants of India data breach?

The Institute of Chartered Accountants of India (icai.org) was the subject of reports regarding a potential data breach first disclosed on February 16, 2026. The incident, which surfaced on dark web forums, involves an alleged full SQL file dump. No specific threat actor has been officially identified in connection with the security event at this stage, and the organization is known as the largest professional accounting body in India.

The reported breach involves a significant data dump, with the unzipped file estimated at 8.3GB (256MB zipped). Interestingly, the data is said to date back to 2018, suggesting a historical vulnerability or a delayed leak of legacy records. The severity is currently classified as informational, indicating that while the volume of data is substantial, the age of the information may mitigate some immediate operational risks. This type of incident typically involves the exposure of database structures and sensitive records, which could pose long-term privacy concerns for the organization’s members.

Who is behind the incident?

The attacker or cause of the incident has not been identified.

Impact and risks for The Institute of Chartered Accountants of India customers

For members and stakeholders of The Institute of Chartered Accountants of India, the primary risks involve potential identity theft or targeted phishing campaigns. If the 8.3GB SQL dump contains personal details or professional credentials, malicious actors could use this information for credential stuffing or social engineering. Given the age of the data, which reportedly dates back to 2018, some information may be outdated; however, permanent identifiers like names and contact details remain valuable to attackers for building profiles on targets.

Incidents of this nature typically result in increased spam and attempts to compromise related professional accounts. To mitigate these risks, users should immediately update their passwords and remain vigilant against unsolicited communications. Proactive transparency from the organization helps users understand their specific level of exposure and the necessary steps for remediation.

How to protect against similar security incidents

Get instant alerts when your data appears on the dark web.

Frequently asked questions

What happened in the The Institute of Chartered Accountants of India security breach?

On February 16, 2026, The Institute of Chartered Accountants of India (icai.org) disclosed a security breach. According to initial reports, the organization allegedly experienced a data breach resulting in a full SQL file dump of approximately 8.3GB, with data purportedly dating back to 2018.

When did the The Institute of Chartered Accountants of India breach occur?

Chatter on the dark web suggesting a potential breach was discovered on February 16, 2026. The exact date of the attack has not been disclosed.

What data was exposed?

The types of data involved in the The Institute of Chartered Accountants of India incident have not been disclosed. This page will be updated as verified information becomes available.

Is my personal information at risk?

If you interacted with The Institute of Chartered Accountants of India, there's a possibility your personal information could be affected. Similar incidents often involve email addresses, login details, or financial records. Stay alert for updates and take precautionary measures to secure your accounts.

How can I protect myself after this data breach?

• Update passwords for all accounts associated with ICAI.
• Enable multi-factor authentication (MFA) where available.
• Monitor financial statements for unauthorized activity.
• Be cautious of emails or calls requesting sensitive information.
• Use breach monitoring tools to track your data's presence online.

What steps should companies take after being impacted by this breach?

The organization is expected to secure its systems, notify affected parties, and provide guidance on protective actions. It should also review internal security measures and deploy attack surface management to prevent future occurrences.