Data from the Tamil Nadu government website for the state’s public distribution scheme, which caters to over six crore beneficiaries, has reportedly been breached with the details of nearly 50 lakh users including Aadhaar numebrs uploaded on a hacker forum, a Kochi-based cybersecurity firm has reported.

According to a report by Technisanct, a link including 49,19,668 Aadhaar numbers was uploaded on hacker forum Raid Forums on June 28 by a vendor known to have shared leaked databases in the past. The data of up to five million users of Tamil Nadu’s PDS was leaked and included multiple parameters including the beneficiary member id, Aadhaar number, names of beneficiaries as well as that of their family members, addresses, mobile numbers, relationships, and more.

hacker-screenshot-raid-forum1

The data was uploaded for sale for eight Credits on the website—the link was taken off after just one hour.

Tehcnisanct mentioned reports from earlier this months of the tnpds.gov.in website being a victim of a cyberattack by the hacker “1945VN” who is believed to be of Vietnamese origin and who has been known to deface websites.

Speaking to THE WEEK, Technisanct CEO Nandakishore Harikumar said the data could just be the tip of the iceberg. “The Tamil Nadu PDS website serves over 6.8 crore beneficiaries. Since only the data of over 45 lakh people was shared, there is a chance the vendor has only uploaded a part of the overall breach.”

Harikumar said the Aadhaar data was stored in plaintext, which was the only reason this was hacked and made available. It is not yet known whether the data had been breached from the government’s website or from a third-party vendor handling the data.

“It is the responsibility of the government to ensure that its websites are regularly audited so that security issues can be identified,” he says.

Technisanct have alerted the Tamil Nadu police of the breach, and were told that the matter had been “forwarded for necessary action”

Technisanct had earlier reported a data breach from a “leading cybersecurity platform”, stating that information of over 3.4 million customers had been compromised.

Harikumar warned that the data could be utilised for phishing attacks, and called for both governments and people to be alert for such scams.

TAGS

Disclaimer: Comments posted here are the sole responsibility of the user and do not reflect the views of THE WEEK. Obscene or offensive remarks against any person, religion, community or nation are punishable under IT rules and may invite legal action.