According to Bengaluru-based cyber-security firm TechniSanct, Tamil Nadu’s Public Distribution System (PDS) was hacked, and data containing personal information of almost 50 lakh customers was posted to a hacker site. Aadhaar IDs, as well as sensitive facts about the recipients, such as their family information and cellphone numbers, were reportedly leaked.
It is also being said that the stolen information might be used for phishing attempts on vulnerable people in the state, such as the elderly.
The state administration, on the other hand, has yet to officially disclose the breach.
As per the cyber-security company, a total data of 49,19,669 people was stolen on the Web in Tamil Nadu.
It comprised 3,59,485 phone numbers, as well as the affected consumers’ email addresses and Aadhaar numbers.
Furthermore, the exposed data included information on recipients’ family members as well as their relationships with the people whose data was posted by the hackers. The Week was the first to report on the situation.
It’s unclear if the information was taken directly from the website, via a third-party reseller, or from the Tamil Nadu government.
According to the dashboard on the department’s website, the PDS system has over 6.8 crore registered beneficiaries, thus the provided data appears to represent a small proportion of what the Tamil Nadu Civil Supplies and Consumer Protection Department has.
The stolen data was posted and found on June 28, according to Nandakishore Harikumar, CEO of Bengaluru-based TechniSanct, but was removed after an hour.
The Indian Computer Emergency Response Team (CERT-In) was reported shortly about the breach after it was discovered, according to a statement released by TechniSanct.
Harikumar also informed that Tamil Nadu’s Additional Director General of Police for Cyber replied to the facts given and verified that the case had been sent for inquiry.
A cybercriminal gang is known as “1945VN,” hacked the website of the Tamil Nadu Civil Supplies and Consumer Protection Department, according to TecniSanct. It’s unclear whether the attack and the most recent hack are linked.