Tamil Nadu’s Public Distribution System (PDS) suffered data breach and the details of over 50 lakh users was uploaded on a hacker forum.
The data leak included the details of 50 lakh users which consisted of their personal details including their Aadhaar card number, The Week reported.
According to a report by Technisanct, a Kerala based big data and cyber security startup, a link for a file-sharing platform containing 5.2 million columns of user data including 49,19,668 Aadhaar numbers was uploaded on a popular hacker forum on June 28 by a vendor known to have shared leaked databases in the past.
The data of users of Tamil Nadu’s PDS included multiple parameters including the beneficiary member id, Aadhaar number, names of beneficiaries as well as that of their family members, addresses, mobile numbers, relationships, and more.
The data was uploaded for sale for eight Credits on the website the link was taken off after just one hour.
Tecnisanct noted that the website of the Tamil Nadu Civil Supplies and Consumer Protection Department (tnpds.gov.in) was a victim of a cyber attack and was hacked by a cyber criminal group that goes by the pseudonym “1945VN”.
It is, however, not clear whether there is any association between that attack and the latest breach, added a media report.
“The Tamil Nadu PDS website serves over 6.8 crore beneficiaries. Since only the data of over 45 lakh people was shared, there is a chance the vendor has only uploaded a part of the overall breach,” said Nandakishore Harikumar, Technisanct founder and CEO.
He further added that the government websites often stored sensitive data like Aadhaar numbers in plaintext, which could be how the data was hacked and made available.
It is not yet known whether the data was breached by the government’s website or a third-party vendor handling the data.
“It is the responsibility of the government to ensure that its websites are regularly audited so that security issues can be identified,” he added.
Technisanct have alerted the Tamil Nadu police of the breach, and were told that the matter had been “forwarded for necessary action”, The Week added.
Harikumar also pointed out that the data could be utilised for phishing attacks, and called for both governments and people to be alert for such scams.
