Data breach exposed data of Indian officials, claims report – But govt denies ID theft
The Indian government has outright denied a report that data breaches in organisations like Air India, Big Basket and Domino’s have exposed the email accounts and passwords of National Informatics Centre (NIC) emails to the hackers.
“There has been no cyber breach into the email system of the Government of India maintained by the National Informatics Centre (NIC). The email system is totally safe and secure,” the government said in a press release.
It added that “cyber security breach on external portals may not impact the users of Government Email Service, unless the Government users have registered on these portals using their Government Email Address and have used the same password as the one used in the Government Email Account.”
“Adversaries” sending malicious mails to govt officials
Earlier, a report in The Hindu, quoted a government internal document as saying: “compromised emails on government domains such as @nic.in and @gov.in are potential cyber threats as they are being used by “adversaries” to send malicious mails to all government users.”
The government alert note had reportedly said: “It is intimated that recent data breaches of Air India and other companies like Domino’s, Big Basket etc. have resulted in exposure of e-mail ID and passwords of many users, which includes lots of government email IDs as well. All such compromised gov. domain emails are potential cyber threats as they are being used by the adversaries to send out malicious emails to all government email users. It may please be noted that largely these are name-based email IDs which are available with the malicious actors.”
The government alert warned that the hackers were planning to target government officials using a variety of methods, including phishing, in which attackers send e-mails to officials instructing them to click on a specific file or weblink and obtain permission. Several government officials, including defence ministry officials, were also reportedly sent a malicious link through WhatsApp and SMS, asking them to update their Covid-19 vaccination status.
“NIC system has put in place several security measures”
As per a tweet from independent internet security researcher Rajshekhar Rajaharia, “Hackers r sending malicious emails to government officials. They Created a website Covid19India[.]in (Now Suspended), similar to government site. This website was accepting only govt emails to get the official’s password. Website was hosted in Pakistan.”
The government, for its part, clarified: “NIC Email system has put in place several security measures such as two factor authentication and change of password in 90 days. Further, any change of password in NIC Email requires mobile OTP and if the mobile OTP is incorrect then change of password will not be possible. Any attempt of phishing using NIC Email can be mitigated by NIC. NIC also undertakes user awareness drives from time to time and keeps updating the users about potential risks and safety protocols.”
Interestingly, the government denial, while being categorical that there was no breach at NIC, is kind of mum on whether it sent out an alert note to its officials.
It may be recalled that February last, Air India had a breach that affected around 45 lakh “data subjects” in the world. In April, personal data of over 2 crore customers of Big Basket was put up for sale on the dark web. In May, data of 18 crore orders of Domino’s India became public and hackers created a search engine on the dark web.
The Indian government has outright denied a report that data breaches in organisations like Air India, Big Basket and Domino’s have exposed the email accounts and passwords of National Informatics Centre (NIC) emails to the hackers. “There has been no cyber breach into the email system of the Government of…
Recent Posts
- Two data brokers banned from selling ‘sensitive’ location data by the FTC
- “It’s actually quite difficult to build a really good generative AI application” – Amazon CEO outlines its AI vision, and challenges
- 17 Best Housewarming Gifts for Any New Home
- In-memory processing using Python promises faster and more efficient computing by skipping the CPU
- Would you watch a foreign film dubbed with AI to sound like the original actors?
Archives
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- September 2018
- October 2017
- December 2011