According to cybersecurity firm Technisanct, a data breach at the Tamil Nadu government’s website for the state’s Public Distribution Scheme (PDS) could potentially affect over six crore beneficiaries. Details of nearly 50 lakh users including their Aadhaar details were uploaded on a hacker forum.
What exactly happened?
According to the report by Technisanct, a link for a file-sharing platform containing 5.2 million columns of user data including 49,19,668 Aadhaar Numbers was uploaded on a hacker forum on 28th June 2021. These details were leaked by a vendor who is known to have shared leaked databases in the past as well.
The data of users of Tamil Nadu’s PDS included multiple parameters including the beneficiary member id, Aadhaar number, names of beneficiaries as well as that of their family members, addresses, mobile numbers, relationships, and more. The data was uploaded for sale for eight Credits on the website. The link was taken off after just one hour.
Speaking to The Week, the firm’s founder and CEO Nandankishore Harikumar said the data could just be the tip of the iceberg.
The Tamil Nadu PDS website serves over 6.8 crore beneficiaries. Since only the data of over 45 lakh people was shared, there is a chance the vendor has only uploaded a part of the overall breach.”
He further said that government websites often store sensitive data like Aadhaar numbers in plaintext, which could be how the data was hacked and made available. It is not yet known whether the data was breached by the government’s website or a third-party vendor handling the data.
Technisanct has alerted the Tamil Nadu police of the breach, and were told that the matter had been “forwarded for necessary action.”