Bengaluru-based cyber security startup Technisanct has said that Tamil Nadu’s public distribution system data has been breached. The data, including Aadhaar card numbers, addresses and mobile numbers, belonging to over 5.2 million consumers, have been lifted from their own server, said Nandakishore Harikumar, founder, Technisanct.
Data belonging to 5.2 million users, which includes 49,19,668 Aadhaar numbers, was uploaded on a popular hackers’ forum on June 28. It was also identified that tnpds.gov.in was a victim of a cyber attack and was hacked by a cyber criminal group that goes by the name 1945VN.
The data breach was reported to the computer emergency response team (CERT) by Technisanct. “Our team is further assessing the depth of the breach with special emphasis on the number of Aadhaar records publicly exposed as it is crucial to protect data belonging to citizens. We also assume that the vendor will be having more data from the same breach,” Mr. Harikumar said. Such data can be used for phishing or to create fake identity cards, he added.
However, Food and Consumer Affairs Department officials said the Chennai-based company that manages their website had denied the hacking.
In an explanatory letter, the company informed the Department that the application was designed in multiple layers and only the user interface, particularly index.html-home page, had been impacted, and there had been no data breach in the system. The company also said it did not store beneficiaries’ fingerprints in the application, and authentication happened on the UIDAI website.
Food Department officials said they would undertake a security audit shortly.