The catastrophic loss of sensitive recruitment and research records from India’s premier agricultural research body raises critical questions about institutional accountability, governance failures, and deliberate cover-ups that demand immediate answers from the government.
The sequence of events surrounding the Indian Council of Agricultural Research (ICAR) data breach reads like a masterclass in institutional opacity. On February 28, 2025, ICAR’s servers in New Delhi first triggered security alerts indicating a potential breach. Days later, in March 2025, the primary server in Delhi experienced a catastrophic data deletion that wiped out critical recruitment and research records. Within days of the Delhi server failing, the backup server housed at the National Academy of Agricultural Research Management (NAARM) in Hyderabad’s Disaster Recovery Centre (DRC) also saw its data vanish.
The most disturbing aspect: ICAR’s leadership remained silent for four months. No First Information Report (FIR) was filed. No public announcement was made. No emergency protocols were activated. It wasn’t until July 2025—when Union Agriculture Minister Shivraj Singh Chouhan learned of the breach during the ICAR Society’s Annual General Meeting on July 7—that the crisis was finally acknowledged.
What Was Lost: The Backbone of Agricultural Research and Recruitment
The data destruction targeted the institutional heartbeat of India’s agricultural research ecosystem. The deleted records included sensitive information spanning across three critical institutions under ICAR: the Agricultural Scientists Recruitment Board (ASRB), the Indian Agricultural Statistics Research Institute (IASRI), and NAARM itself.
Specifically, the lost data encompassed:
- Recruitment records ranging from Technical Officers to Deputy Director General positions
- Job applications collected over multiple years
- Scientist profiles and career records
- Research project files representing years of investigative work
- Interview evaluations and assessments for recruitment candidates
- Vigilance and compliance notes
- Email communications between scientists and administrators
- Financial records related to grants and project funding
- Application eligibility assessments and marksheets
- Administrative correspondence
This wasn’t a minor data loss. This was the complete obliteration of institutional memory across recruitment processes that determine which scientists lead India’s agricultural innovation.
The Disaster Recovery Failure: Why the Backup Collapsed
The critical failure lies in the backup system’s inability to protect data after the primary system was compromised. The Disaster Recovery Centre in Hyderabad existed precisely for this scenario—to safeguard institutional data when the primary server fails. Yet it too was wiped clean.
Sources reported that despite the February 28 alert, no immediate backup or protective measures were taken. This raises a fundamental question: How did a government institution with a yearly budget of Rs 10,000 crore fail to implement basic data security protocols that smaller research organizations routinely execute? The fact that both primary and backup systems were compromised sequentially suggests either catastrophic incompetence or something far more deliberate.
The Investigation That Wasn’t
When ICAR finally formed an investigation committee in July 2025, the composition itself became controversial. The six-member panel, led by Dr. D.K. Yadava, DDG (Crop Sciences), was staffed exclusively with internal ICAR officials. Not a single external cybersecurity expert was included.
This decision was particularly troubling given the technical nature of the breach. Tasking an agricultural scientist with investigating sophisticated data deletions is akin to asking a cardiologist to investigate a mechanical aircraft failure. The committee’s mandate was to submit findings by July 31, 2025, but no evidence suggests these findings have been released publicly or shared with independent oversight bodies.
ICAR DG Dr. Mangi Lal Jat, who took charge on April 18, 2025—just weeks after the March data destruction—has since been tasked with overseeing the investigation into events that unfolded during his predecessor Himanshu Pathak’s tenure. This creates a potential conflict of interest where the current leadership may have incentives to downplay the severity of systemic failures inherited from their predecessor.
The “Accidental” Narrative vs. Evidence of Deliberation
In his statements to the press, Dr. Jat has characterized the data loss as stemming from negligence rather than malice, suggesting that “necessary alerts and maintenance protocols were ignored”. He indicated that four individuals had been subjected to “action,” though specifics remain murky.
However, the chronology contradicts the negligence narrative:
- Sequential targeting: Why would accidental maintenance failures hit both the primary server and backup independently, days apart?
- No immediate recovery: If this was accidental, why weren’t recovery procedures immediately initiated after the first server failed?
- No forensic investigation: Despite months passing, no public disclosure has been made regarding the technical cause of the deletion.
- Selective silence: Why would institutional leaders remain silent for four months if this was an innocent mistake?
Agriculture expert Om Prakash, editor of Kisan Tak (India Today Digital’s sister portal), articulated the fundamental questions being raised across the sector:
“How could such highly sensitive data simply disappear? Why did a data wipe-out on Hyderabad’s backup server take place after the same happened in Delhi days ago? How is it acceptable that all that data is now lost? Was this simply a cyber-attack, or a data-loss accident, or a deliberate conspiracy to delete records? Why has no FIR been filed so far? Who is being held accountable for this massive data breach?”
Recruitment Credibility in Crisis
Perhaps the most damaging consequence is the evaporation of historical recruitment records. With interview evaluations, marksheets, and eligibility assessments destroyed, the integrity of past and future agricultural scientist recruitment is now in question.
ICAR conducts recruitment for positions across its sprawling network of institutes and research stations. These scientists guide crop development, pest management research, agricultural extension, and policy recommendations that affect hundreds of millions of farmers nationwide. If the audit trail for how these individuals were selected has been destroyed, how can the institution verify the legitimacy of those currently holding positions?
This ambiguity is particularly significant given that ICAR faced allegations of recruitment irregularities just months before this data destruction. In late 2024, questions were raised about the selection process for the Director position at the Indian Agricultural Research Institute (IARI). ICAR categorically denied these allegations, but the convenient destruction of recruitment records in early 2025 only intensifies scrutiny.
Governance Failures at Multiple Levels
The ICAR breach exposes critical governance lapses that extend beyond IT infrastructure:
1. Absence of Protocol Adherence: Data security protocols were “defied,” according to the Kisan Tak reporting, suggesting deliberate circumvention rather than system failure.
2. Delayed Reporting: No FIR was filed for months. Under India’s Information Technology Act and the Digital Personal Data Protection Act, 2023, such breaches require timely reporting to relevant authorities. ICAR’s silence violates standard protocols.
3. Inadequate Internal Controls: An institution that loses an entire archive of recruitment and research records simultaneously from primary and backup systems lacks fundamental IT governance oversight.
4. Administrative Non-Transparency: Despite Union Agriculture Minister Chouhan ordering the investigation committee in July, and the committee being tasked with submitting findings by July 31, no public report has been disclosed. This represents a failure of public accountability.
5. Governance Body Abstention: According to recent allegations, “most ex-officio members have abstained from participating in governing body meetings,” which “enabled unchecked irregularities”. This suggests governance structures designed to provide oversight have been rendered ineffective.
Broader Institutional Context
ICAR’s credibility challenges predate the server breach. In November 2025, organizations like the Coalition for a GM-Free India raised detailed concerns about ICAR’s scientific integrity, alleging “serious lapses in testing, insufficient data and inaccuracies in the analysis” related to gene-edited rice varieties.
The question becomes: Are the recruitment record destructions isolated from broader institutional integrity concerns, or do they suggest systematic efforts to eliminate evidence that could support external criticisms?
What Should Happen Now
The investigation committee’s composition must be reconstituted with independent cybersecurity experts, forensic data recovery specialists, and external audit authority representatives. The current internal-only investigation lacks credibility and professional expertise.
A public FIR must be filed immediately with the CBI or other investigative agencies empowered to examine deliberate data destruction or negligent breach of public trust. The four-month delay in filing any police complaint itself warrants investigation.
Dr. D.K. Yadava’s investigation committee findings must be released in full, with redactions only where genuinely necessary for national security—not for institutional convenience. The public has a right to know whether records were destroyed deliberately or through incompetence.
ICAR must implement an independent technical audit of all its backup systems, disaster recovery protocols, and IT infrastructure by credentialed external agencies. Budget allocation to cybersecurity should be substantially increased.
Finally, accountability mechanisms must have consequences. If the investigation reveals deliberate destruction, those responsible should face both administrative action and potential criminal prosecution. If gross negligence is confirmed, institutional reforms and leadership changes must follow.
The Larger Crisis
The ICAR breach is not merely an information technology incident. It represents a failure of institutional governance within India’s premier agricultural research body during a period when agricultural innovation is critical to national food security and farmer welfare. The destruction of recruitment records raises fundamental questions about institutional integrity, the legitimacy of current appointments, and the credibility of ongoing scientific work.
As India pursues its ambitions to become a global agricultural innovation hub, protecting digital assets and ensuring research continuity is not optional—it is foundational. Yet ICAR’s response to this crisis has prioritized silence over transparency, internal investigations over external accountability, and delayed action over swift institutional reform.
The suspicions that have intensified around this incident are not products of conspiracy thinking. They emerge from the institutional responses—or lack thereof—that have characterized ICAR’s handling of this catastrophe. Until independent, transparent investigation reveals what happened to those servers and why, those suspicions will only deepen.
–Kuppuswamy S
