Sensitive information, including bank account numbers, PAN numbers, PPO (pension payment order) IDs, tax-deductions and pension amounts of retired state government employees is being leaked on the Directorate of Treasuries and Accounts (DoTA) website, according to a New Indian Express report. Director of Treasuries and Accounts KSRC Murthy told NIE that the department was aware that displaying this data publicly was against the law, but that it would not rectify the situation until July 31 since "2.67 lakh pensioners are asking us for details to file IT returns". MediaNama visited the website and found that the leak has indeed not been fixed and that the sensitive information of several people can still be accessed with ease. We tried to search for a common name — Ramesh — selected a district randomly (Hyderabad in this case), and found that every single person with ‘Ramesh’ in his/her name showed up in the search results. Apart from the names, people's Pension Payment Order (PPO) ID, STO code and DOC were also visible. The PPO IDs are hyperlinked and can be used to download tax deduction documents with the person’s name, bank account number and PAN number. It's also worth noting that the website's search feature isn't sophisticated enough to recognise a complete name. As a result, a search for 'Ramesh' included names like such as 'Parameshwar' as well. [caption id="attachment_202385" align="aligncenter" width="649"] Search results for 'Ramesh' included names such as Parameshwar as well on the DoTA website.[/caption] [caption id="attachment_202386" align="aligncenter" width="662"] Using the PPO ID,…
