According to TechniSanct, a Bangalore-based cybersecurity company, the Public Distribution System (PDS) in Tamil Nadu was breached and data including personal information of nearly 5 million users was uploaded to hacker forums. The leaked data apparently included the Aadhaar number and sensitive information of the beneficiaries, including their family information and mobile phone numbers. Hackers can use leaked data to conduct phishing attacks and target vulnerable groups, including the elderly in the state. However, the state government has not publicly confirmed the violation.
According to cybersecurity startups, the data leaked on the Internet included information on a total of 49,19,668 people in Tamil Nadu. It includes the mailing addresses and Aadhaar numbers of affected users, as well as 3,59,485 phone numbers. Advertisement Shout reviewed the leaked data fields, which also included the “Makkal Number” introduced by the state government to record all citizens, including newborns.
In addition, the data that surfaced contained detailed information about the beneficiary’s family members and their relationship with the person who uploaded the information to the hacker. This incident was first reported by The Week.
It is not clear whether the data was leaked directly from a website related to the government of Tamil Nadu or a third-party supplier. However, the reported data appears to be only a small part of the Ministry of Civil Products and Consumer Protection of Tamil Nadu, as the dashboard on its website shows that the PDS system has more than 68 million registered beneficiaries.
Nandakishore Harikumar, CEO of Bangalore-based TechniSanct, told Advertisement Shout that the leaked data was uploaded and discovered on June 28, but was withdrawn an hour later.
TechniSanct said in a statement that shortly after its discovery, the vulnerability was reported to the Indian Computer Emergency Response Team (CERT-In). Harikumar also told Advertisement Shout that the director-general of additional cyber police in Tamil Nadu responded to the details of the report and confirmed that the report has been forwarded for investigation.
TecniSanct pointed out that the website of the Ministry of Civil Supplies and Consumer Protection of Tamil Nadu (tnpds.gov.in) was a victim of a cyber attack and was invaded by a cybercriminal group aliased as “1945VN”. However, it is not clear whether there is any connection between this attack and the recent violations.
Advertisement Shout has contacted the Chief Secretary of the Government of Tamil Nadu to comment on this matter and will update this space after receiving a response.
This is not the first time we have seen serious cybersecurity issues affecting the data of Indian citizens. In December last year, Advertisement Shout reported a loophole in the Telangana government website that exposed sensitive data of all its employees and pensioners. Allegedly, data on the personal website of Indian Prime Minister Narendra Modi (Narendra Modi) was also leaked on the dark web last year.
Experts believe that once the government passes the expected data protection law, network security issues may be restricted to a certain extent. A recent report by the International Institute for Strategic Studies (IISS), a London-based think tank, also pointed out that India has made little progress in establishing cyberspace security policies and beliefs and has not yet adopted an overall security approach to improve its cyberspace security. cyber security.