Express news service
KOCHI: Kochi-based cybersecurity firm Technisanct has uncovered a major Personally Identifiable Information (PII) leak in which hackers targeted an online banking platform. The personal information of more than a lakh of Indian nationals along with copies of their Aadhaar card, PAN card and canceled checks has been leaked and available for sale on a hacker forum.
According to Nandakishore Harikumar, founder and CEO of Technisanct, his team found 360 GB of content containing around 11 lakh of files with personal information of more than a lakh of Indian citizens in the famous hacker platform named Raid Forum. The hacker, who leaked the data, offered it for sale for $ 25,000.
“The data is being released from an online banking platform that has collected the KYC details in electronic format. We suspect that the hackers used the vulnerability of the cloud data storage of the banking platform. We expect the online bank to identify the security breach and take the necessary action. The personal information disclosed concerned the period 2018-2021. Interestingly, the Supreme Court has banned private entities from collecting Aadhaar for electronic verification since 2018, ”he said.
Technisanct recently detected a similar data breach of Tamil Nadu’s public distribution system, in which 65 million Aadhaar card numbers stored without encrypting them were found leaked in hacker forums. However, the agency that keeps the data has denied the breach.
An official from the Cyberdome of Kerala Police said that even when a massive cybersecurity breach occurs, companies refuse to complain, fearing the impact on their reputation. “No company is showing up to report cyber attacks these days, often rendering law enforcement powerless to take action. In addition to filing complaints on time, regular cybersecurity audits should be performed, which should include identifying any cyber attacks and breaches. Having secure firewalls alone will not prevent cyber attacks, ”said the police official.