wordpress blog stats
Connect with us

Hi, what are you looking for?

Telangana website leaking sensitive data of pensioners; official says it won’t be fixed until July 31

Sensitive information, including bank account numbers, PAN numbers, PPO (pension payment order) IDs, tax-deductions and pension amounts of retired state government employees is being leaked on the Directorate of Treasuries and Accounts (DoTA) website, according to a New Indian Express report. Director of Treasuries and Accounts KSRC Murthy told NIE that the department was aware that displaying this data publicly was against the law, but that it would not rectify the situation until July 31 since “2.67 lakh pensioners are asking us for details to file IT returns”. MediaNama visited the website and found that the leak has indeed not been fixed and that the sensitive information of several people can still be accessed with ease.

We tried to search for a common name — Ramesh — selected a district randomly (Hyderabad in this case), and found that every single person with ‘Ramesh’ in his/her name showed up in the search results. Apart from the names, people’s Pension Payment Order (PPO) ID, STO code and DOC were also visible. The PPO IDs are hyperlinked and can be used to download tax deduction documents with the person’s name, bank account number and PAN number. It’s also worth noting that the website’s search feature isn’t sophisticated enough to recognise a complete name. As a result, a search for ‘Ramesh’ included names like such as ‘Parameshwar’ as well.

Search results for ‘Ramesh’ included names such as Parameshwar as well on the DoTA website.

Using the PPO ID, we could trace a person’s bank account details, PAN number, age and account balance.

Previous data leaks in India

In April, 7.8 crore Aadhaar records from Andhra Pradesh and Telangana were found on the hard disks of IT Grids Pvt Ltd, the firm which operates the Telugu Desam Party’s Sevamitra app. Further, forensic investigation by the Telangana State Forensic Science Laboratory (TSFSL) found that IT Grids stored Aadhaar data of crores of people on the Amazon Web Services (AWS) cloud. The databases contained the following personal data: Aadhaar number, Aadhaar enrolment ID, name, name of father, husband or guardian, date of birth, village name, mandal name, district ID and name, and state.

The same month, the Department of Medical, Health and Family Welfare of a north Indian state left a database connected to the internet without a password, exposing the medical records of more than 12.5 million pregnant women.

In Andhra Pradesh alone, government agencies have leaked citizens’ data multiple times:

  • In August 2018, personal data of 64,000 students, including Aadhaar numbers, was leaked by the Commissionerate of College Education, Andhra Pradesh
  • In July 2018, personal data of 23,000 farmers — including farmers’ phone numbers, Aadhaar numbers, father’s names, passbook and bank account numbers, and the district and mandal where they live — was leaked by the AP government
  • In June 2018, personal data of 4.5 crore citizens, including their phone numbers, insurance status, and home addresses, was could be accessed using only their Aadhaar number.
  • In June 2018, medical purchases’ data was leaked by an unsecured website of the AP government. The leak included sensitive purchase details of Suhagra 50, a generic version of Viagra, which is used to treat erectile dysfunction.

In July 2018 the department of agriculture of the Jharkhand government leaked personal and legal documents of individuals in the state. About 9,000 documents from the government portal were leaked. These included assorted legal, personal and business papers, many of which contained personally identifiable information of proprietors, licences, lease agreements between the individuals and the state government, licences to sell agricultural products, etc.

Note: MediaNama has not linked out to the original New Indian Express report or the website in question to protect the privacy of people whose data has been compromised. Any details which can potentially identify individuals have been blacked out.

Advertisement. Scroll to continue reading.

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

News

In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...

News

By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

News

By Stella Joseph, Prakhil Mishra, and Yash Desai The Government of India circulated proposed amendments to the Consumer Protection (E-Commerce) Rules, 2020 (“E-Commerce Rules”) which...

You May Also Like

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ