A Bengaluru-based cyber security startup has claimed that the personal data of 31 million public distribution system (PDS) beneficiaries in Tamil Nadu, including their Aadhaar details, were up for sale on a hacker’s platform.
According to NandaKishore HariKumar, the founder of Technisanct, the start-up which is into threat intelligence and digital risk monitoring, the vendor is claiming that he was able to breach the entire PDS data, which is around 1.9TB.
“We are still assessing the depth of the breach. In the first dump, we identified 4.9 million Aadhar details being there. Initially, the vendor got access to a small amount. It was initially 5 million, later he leaked another 20 million, and now it is 31 million,” Harikumar added.
He said they keep a watch on these forums regularly. Apart from Aadhaar details, names, addresses, date of birth, makkal number, beneficiary numbers and phone numbers have been breached.
Harikumar claimed that they had notified the state government and Computer Emergency Response Team (CERT) about it and they forwarded the issue for further investigation.
“We assume the hacker still has access to the server. It could be a server misconfiguration that led to this. But we cannot be sure of it as the government and their vendors should find it through forensic and security audits to see how this would have happened,” Harikumar said.
According to reports, the Chennai-based company which had been providing data service to the Tamil Nadu government has denied any data breach in the system.