Hackers can use the leaked data for phishing attacks and target vulnerable people, including the elderly, in the state. However, the state government has not yet publicly confirmed the breach.
According to Bengaluru-based cyber-security firm Technisakt, Tamil Nadu’s Public Delivery System (PDS) was the victim of the breach and data containing personal information of around 50 lakh users was uploaded on hacker forums. The leaked data apparently included Aadhaar numbers as well as sensitive details of users, their family details and mobile numbers.
Hackers can use the leaked data for phishing attacks and target vulnerable people, including the elderly, in the state. However, the state government has not yet publicly confirmed the breach. According to the cyber-security startup, the data that was leaked on the web included information of a total of 49,19,668 people in Tamil Nadu. This included 3,59,485 phone numbers as well as postal addresses and Aadhaar numbers of the affected users. The leaked data field has also been found to contain ‘Makkal Number’ which was introduced by the state government to keep records of all citizens including newborn babies.
Where did the hacked data come from?
The data revealed contained details of the users’ family members and their relationships with people whose information was uploaded by the hackers. The matter was first reported by The Week. It is currently not clear whether the data was hacked directly from a website linked to the Tamil Nadu government or from a third party seller. However, the reported data is only a small part of what the Tamil Nadu Civil Supplies and Consumer Protection Department has in the form of a dashboard on its site. It shows that there are over 68 million registered beneficiaries for the PDS system.
Nandkishore Harikumar, CEO of Bengaluru-based TechniSanct, told Gadgets 360 that the leaked data was uploaded and traced on June 28, but was withdrawn after an hour. Technicant said in a statement that CERT-In was immediately informed of the breach. Harikumar also told Gadgets 360 that the ADG of Tamil Nadu’s cyber cell responded to the details reported and confirmed that the report has been sent for investigation.
TNPDS website has become a victim of cyber attack
TecniSanct noted that the Tamil Nadu Civil Supplies and Consumer Protection Department (tnpds.gov.in) website was the victim of a cyber attack and was hacked by a cybercriminal group. However, it is not clear whether there is any connection between that attack and the recent breach.
Obviously this is not the first time we are seeing a serious cyber security issue affecting the data of citizens in India. In December, a bug was reported in the Telangana government’s site that exposed sensitive data of all its employees and pensioners.