Tamil Nadu’s Public Distribution System (PDS) was breached and data that included personal information of close to 50 lakh users was uploaded on a hacker forum, according to Bengaluru-based cyber-security firm TechniSanct. The leaked data apparently included Aadhaar numbers as well as sensitive details of the beneficiaries, including their family information and mobile numbers. Hackers could use the leaked data for phishing attacks and target vulnerable people, including elders in the state. However, the state government is yet to publicly confirm the breach.
The data that was leaked on the Web included information of a total of 49,19,668 people in Tamil Nadu, according to the cyber-security startup. It included mailing addresses and Aadhaar numbers of the affected users, alongside 3,59,485 phone numbers. The leaked data fields, reviewed by Gadgets 360, also included the ‘Makkal Number’ that the state government introduced to keep a record of all citizens including newborns.
Additionally, the surfaced data contained the details of beneficiaries’ family members and their relationship with the people whose information was uploaded by the hackers. The matter was first reported by The Week.
It is currently unclear whether the data was breached directly from a website associated with the Tamil Nadu government or a third-party vendor. However, the reported data seems to be just a small part of what the Tamil Nadu Civil Supplies and Consumer Protection Department has as the dashboard on its site shows that there are over 6.8 crore registered beneficiaries for the PDS system.
Nandakishore Harikumar, CEO of Bengaluru-based TechniSanct, told Gadgets 360 that the leaked data was uploaded and discovered on June 28, but was pulled after an hour.
Shortly after the discovery, the breach was reported to the Indian Computer Emergency Response Team (CERT-In), TechniSanct said in a statement. Harikumar also told Gadgets 360 that Tamil Nadu’s Additional Director General of Police of Cyber responded to the reported details and confirmed that the report had been forwarded for investigation.
TecniSanct noted that the website of the Tamil Nadu Civil Supplies and Consumer Protection Department (tnpds.gov.in) was a victim of a cyber attack and was hacked by a cyber criminal group that goes by pseudonym “1945VN”. It is, however, not clear whether there is any association between that attack and the latest breach.
Gadgets 360 has reached out to the chief secretary of the Tamil Nadu government for a comment on the matter and will update this space when we receive a response.
This is not the first time when we are seeing a serious cyber-security issue impacting citizens’ data in India. In December, Gadgets 360 reported a flaw existed in the Telangana government site that exposed sensitive data of all its employees and pensioners. Data from Prime Minister Narendra Modi’s personal site was also allegedly leaked on the dark Web last year.
Experts believe that cyber-security issues could be limited to some extent once the government passes the anticipated data protection law. A report by London-based think tank International Institute for Strategic Studies (IISS) also recently noted that India has made only modest progress in building its policy and beliefs for cyberspace security and is yet to adopt a whole-of-security approach to improve its cybersecurity.