3.8 crore people's data breached in PDS in Tamil Nadu

Chennai: The Tamil Nadu public distribution system (PDS) website was breached, and the data of 3.1 crore people is on sale on a hacker forum, reports The News Minute. The incident came to light after the cybersecurity startup Technisanct disclosed it earlier this week. The Tamil Nadu Civil Supplies and Consumer Protection Department website had shown that it had been hacked by "1945VN" on June 26th, and later showed that it was under maintenance. Within the data of the 3.1 crore people, Technisanct found 1.94 crore Aadhaar card records. The Tamil Nadu PDS website holds 6.8 crore registered beneficiaries with 2.13 crore registered mobile numbers and 6.76 crore Aadhaar cards.

Technisanct said that it identified the threat on June 28th, when it noticed that the data of 52 lakh people had been uploaded to the forum. It immediately reached out to the Tamil Nadu government, the union government and CERT-IN, India's nodal cybersecurity agency. The uploaded data was taken down almost as soon as it was put up. Technisanct believes that more data will be leaked and that those behind the breach must be expecting a better price. The agency told TNM that the hacker claims to have access to the entire PDS data, belonging to 6.8 crore people of Tamil Nadu, which is around 1.9 TB.

But according to Food and Consumers Affairs Department officials, the firm that manages their site has denied claims that the site was hacked. The firm told the department that only the homepage was defaced and that no data breach occurred. The department added that an audit would be conducted soon.

However, Technisanct asked why an audit was needed if there was no breach. It warned that if the data breach is true, it would be a major digital footprint, and the hacked data could be used for phishing. People will fall for it easily since, apart from the individual, the breached data is known only to the government. Those using the data would only need to pose as government officials.

Though name, address, age, etc. are openly available because the voters' list is public, the mobile number, Aadhaar, date of birth, family relationships, etc. (PDS information) are not, and they are very sensitive. The latter could be used to profile individuals, families and communities in many ways, such as voter profiling, building credit profiles of the entire demography, etc.

The data breach has been reported at a time when the state government plans to create a State Family Database for e-governance, a single source for all details regarding the state's residents. All government departments could use it, meaning the database would cut across departments. If this database is breached, the consequences will be unbearable.

Technisanct suggests that the government departments storing such data should ensure that their digital infrastructure is monitored and audited, as India does not have a personal data protection law and there are no mechanisms in place to counter a breach.
