Date: 2020-10-28

By Aihik Sur

Express News Service

HYDERABAD: The Telangana government’s Directorate of Treasuries and Accounts (DoTA) website has again been leaking sensitive information of pensioners, including their name, address, PAN card number, bank account number and other key tax details, which, if exploited, can leave retirees at the mercy of scamsters and cyber criminals.

The issue was first brought to light in August by a London-based ethical hacker on Twitter, who informed the Indian Computer Emergency Response Team (CERT) that a website of the Telangana government had been leaking sensitive information. After that, the Security Operations Centre (SOC) of Telangana contacted the ethical hacker, intervened and claimed to have fixed the issue.

However, The New Indian Express has found that the details are still available to anyone intending to scavenge them. The ethical hacker, who works as an application security engineer in the UK, explained to Express that the details are now “hidden from the website but remain accessible”.

“The issue is with the directory listing, wherein several website directories containing over thousands of files can be accessed on the internet. Though they (SOC) have fixed it, I can still access the details as I know the file names,” he said. The engineer had forwarded one such URL of the DoTA website to Express.

ITR details, spouse names still accessible on DoTA

The URL of the DoTA website contained the filename and revealed over 3,000 pensioners’ details. Express is withholding the links to the website, considering the sensitive nature of the information. The details included data on their payslips, spouse names, Income Tax Return details and so on. As of Tuesday evening, the links with the filenames were still accessible. Express contacted Telangana’s SOC team over email about this but has not received any response so far. The ethical hacker said though “it may be slightly hard for general users to find these file names, it is not impossible”.

Earlier too, in 2019, the DoTA was in the limelight for leaking sensitive information of pensioners.