The websites of two power distribution in Andhra Pradesh and Telangana were hacked resulting in their computer-based applications coming to a standstill for over three days, reports the Hindu. The report further adds that the hackers possessed data of 2 crore consumers in both states.

On Tuesday evening, the websites of the southern and northern power distribution companies of Telangana at Hyderabad and Warangal respectively, and southern and eastern power distribution companies of Andhra Pradesh at Tirupati and Visakhapatnam respectively, were hacked. The websites are maintained by Tata Consultancy Services in Hyderabad, per the report.

According to authorities, the data of the power companies was backed up and no routine functions were impacted. Only payments made by the corporations in ATM mode were affected. TCS has been working to restore the function and recover stolen data from the websites. Officials of Southern Power Distribution Company have filed a complaint with Cyber Crime Police Station in Hyderabad.

Officials suspected that the same hackers who targeted Air India and Andhra Bank websites may have been behind this attack. They also suspected that the hackers were targeting payments data in the companies, and did not rule out attempts to divert funds.

Andhra Pradesh and Telangana have seen multiple vulnerabilities and breaches of citizen data, including sensitive information like health and caste data.

Last month, 7.8 crore Aadhaar records from Andhra Pradesh and Telangana were found on the hard disks of IT Grids Pvt Ltd, the firm which operates the Telugu Desam Party’s Sevamitra app. Further, forensic investigation by the Telangana State Forensic Science Laboratory (TSFSL) found that IT Grids stored Aadhaar data of crores of people on the Amazon Web Services (AWS) cloud. The databases contained the following personal data: Aadhaar number, Aadhaar enrolment ID, name, name of father, husband or guardian, date of birth, village name, mandal name, district ID and name, and state. Further investigations revealed that IT Grids had Aadhaar records from “other southern states and a few states in north India” including at least 2 crore records from Punjab.

Multiple previous leaks in Andhra Pradesh

In Andhra Pradesh, government agencies have leaked citizens’ data multiple times:

  • Personal data of 64,000 students, including Aadhaar numbers, was leaked by the Commissionerate of College Education, Andhra Pradesh
  • Personal data of 23,000 farmers – including farmers’ phone numbers, Aadhaar numbers, father’s names, passbook and bank account numbers, and the district and mandal where they live – was leaked by the AP government
  • Personal data of 4.5 crore citizens including their phone numbers, insurance status, home addresses was made accessible by only Aadhaar number.
  • Medical purchases data was leaked by an unsecured website of the AP government. The leak included sensitive purchase details of Suhagra 50, a generic version of Viagra, which is used to treat erectile dysfunction.