This reported breach comes at a time when the state government is attempting to create a cross-departmental database of residents.
More data has emerged from the Tamil Nadu Public Distribution System breach that was reported last week. Cybersecurity startup Technisanct’s founder Nandakishore Harikumar told MediaNama that 31 million people’s personal details, including addresses, had been leaked as a result of the breach, in addition to the small data sample that was available last week on a hacker forum. Technisanct said that 19 million of these users’ Aadhaar numbers had been exposed. The Tamil Nadu government, which has mostly escaped major scrutiny over the large-scale hack, took the TNPDS website down for maintenance over the weekend; however, at the time of publishing this report, the site is back up.
A contractor tasked with running some of the TNPDS’s IT systems wrote in a clarification letter to the Tamil Nadu government that the leak was limited to a user-interface layer of the website, The Hindu reported. The publication did not name the contractor or the source of the letter. The report said that the Food and Consumer Affairs Department, which administers the PDS in Tamil Nadu, said it would undertake a security audit soon. MediaNama’s emails to the Tamil Nadu government have not elicited a response as of yet.
Tamil Nadu’s cyber initiatives ramped up
Last week, 5 million users’ data was leaked from the breached stash. This larger leak seems to indicate that the stolen user data, which was among the richest datasets on families that a state government can have, was much more voluminous than believed earlier. It’s not clear if the 31 million user details that were available, constitute the entirety of the breached information — the dataset may very well be much larger than this, as a now-deleted post by the hacker or hackers that breached the database was offering the data for sale.
Just last year, the Tamil Nadu government formulated a Cybersecurity Policy for the state and has taken steps to increase the role of digitisation in governance. The state is creating a cross-departmental database of its residents, a project that would vastly increase the data on residents that is available to the government. It is also integrating different databases to possibly build profiles of residents, by unifying tax data, property data, and facial recognition data.
- What Tamil Nadu is planning on cyber even as its PDS database was seemingly breached
- Summary: Tamil Nadu Cybersecurity Policy 2020
- Tamil Nadu’s All-In-One Database For E-Governance: State Family Database
- Tamil Nadu To Upgrade Criminal Tracking Architecture, Integrate With External Databases Like Facial Recognition System