KOCHI: Kochi-based cybersecurity firm Technisanct has unearthed a major personal identifiable information (PII) leak in which hackers have targeted an online banking platform. The PII details of over one lakh Indian nationals with copies of their Aadhaar card, PAN card and cancelled cheques have been found leaked and available for sale in a hackers’ forum.
According to Nandakishore Harikumar, founder and CEO of Technisanct, his team has found 360 GB of content having around 11 lakh files with PII of over one lakh Indian citizens in the notorious hackers’ platform named Raid Forum. The hacker, who has leaked the data, has offered it for sale demanding $25,000.
“The data is leaked from an online banking platform which collected KYC details in the e-format. We suspect the hackers made use of the vulnerability of cloud data storage of the banking platform. We expect the online banking firm to identify the security breach and take required action. The leaked PII was of the 2018-2021 period. Interestingly, the Supreme Court has barred private entities from collecting Aadhaar for e-verification since 2018,” he said.
Technisanct recently detected a similar data breach from Tamil Nadu public distribution system, in which 65 million Aadhaar card numbers stored without encrypting these were found leaked in hackers’ forums. However, the agency which maintains the data denied the breach.
An official with the Cyberdome of Kerala Police said even when a massive cybersecurity breach happens, the companies refuse to complain fearing the impact on their reputation. “No company comes forward to report cyber attacks these days, often making enforcement agencies helpless in taking action. Apart from lodging complaints on time, there should be regular cybersecurity audits which must include identification of any cyberattack and breach. Having secure firewalls alone won’t prevent cyber attacks,” the police official said.