wordpress blog stats
Connect with us

Hi, what are you looking for?

Telangana website leaking sensitive data of pensioners; official says it won’t be fixed until July 31

Sensitive information, including bank account numbers, PAN numbers, PPO (pension payment order) IDs, tax-deductions and pension amounts of retired state government employees is being leaked on the Directorate of Treasuries and Accounts (DoTA) website, according to a New Indian Express report. Director of Treasuries and Accounts KSRC Murthy told NIE that the department was aware that displaying this data publicly was against the law, but that it would not rectify the situation until July 31 since “2.67 lakh pensioners are asking us for details to file IT returns”. MediaNama visited the website and found that the leak has indeed not been fixed and that the sensitive information of several people can still be accessed with ease.

We tried to search for a common name — Ramesh — selected a district randomly (Hyderabad in this case), and found that every single person with ‘Ramesh’ in his/her name showed up in the search results. Apart from the names, people’s Pension Payment Order (PPO) ID, STO code and DOC were also visible. The PPO IDs are hyperlinked and can be used to download tax deduction documents with the person’s name, bank account number and PAN number. It’s also worth noting that the website’s search feature isn’t sophisticated enough to recognise a complete name. As a result, a search for ‘Ramesh’ included names like such as ‘Parameshwar’ as well.

Search results for ‘Ramesh’ included names such as Parameshwar as well on the DoTA website.

Using the PPO ID, we could trace a person’s bank account details, PAN number, age and account balance.

Previous data leaks in India

In April, 7.8 crore Aadhaar records from Andhra Pradesh and Telangana were found on the hard disks of IT Grids Pvt Ltd, the firm which operates the Telugu Desam Party’s Sevamitra app. Further, forensic investigation by the Telangana State Forensic Science Laboratory (TSFSL) found that IT Grids stored Aadhaar data of crores of people on the Amazon Web Services (AWS) cloud. The databases contained the following personal data: Aadhaar number, Aadhaar enrolment ID, name, name of father, husband or guardian, date of birth, village name, mandal name, district ID and name, and state.

The same month, the Department of Medical, Health and Family Welfare of a north Indian state left a database connected to the internet without a password, exposing the medical records of more than 12.5 million pregnant women.

In Andhra Pradesh alone, government agencies have leaked citizens’ data multiple times:

  • In August 2018, personal data of 64,000 students, including Aadhaar numbers, was leaked by the Commissionerate of College Education, Andhra Pradesh
  • In July 2018, personal data of 23,000 farmers — including farmers’ phone numbers, Aadhaar numbers, father’s names, passbook and bank account numbers, and the district and mandal where they live — was leaked by the AP government
  • In June 2018, personal data of 4.5 crore citizens, including their phone numbers, insurance status, and home addresses, was could be accessed using only their Aadhaar number.
  • In June 2018, medical purchases’ data was leaked by an unsecured website of the AP government. The leak included sensitive purchase details of Suhagra 50, a generic version of Viagra, which is used to treat erectile dysfunction.

In July 2018 the department of agriculture of the Jharkhand government leaked personal and legal documents of individuals in the state. About 9,000 documents from the government portal were leaked. These included assorted legal, personal and business papers, many of which contained personally identifiable information of proprietors, licences, lease agreements between the individuals and the state government, licences to sell agricultural products, etc.

Note: MediaNama has not linked out to the original New Indian Express report or the website in question to protect the privacy of people whose data has been compromised. Any details which can potentially identify individuals have been blacked out.

Advertisement. Scroll to continue reading.

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The Delhi High Court should quash the government's order to block Tanul Thakur's website in light of the Shreya Singhal verdict by the Supreme...


Releasing the policy is akin to putting the proverbial 'cart before the horse'.


The industry's growth is being weighed down by taxation and legal uncertainty.


Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.


Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ