Data breach exposes 2.9 lakh Bangalore Water Supply and Sewerage Board's customers' details: Report
Bengaluru: A major data breach has exposed the personal information of more than 2.9 lakh users of the Bangalore Water Supply and Sewerage Board (BWSSB), according to a recent probe conducted by the Bengaluru-based cybersecurity firm CloudSEK.
The breach involved unauthorised access to BWSSB's water connection application portal, exposing sensitive user data including Aadhaar numbers, PAN details, mobile numbers, full addresses, email IDs, and payment records, the probe report revealed, as cited by Deccan Herald on Tuesday.
The compromised database was reportedly listed for sale on BreachForum, an underground data leaks web forum, by a threat actor with the username pirates_gold.
"The initial post by the threat actor specified a payable amount of $500 (approximately Rs 42,616) for access to the compromised BWSSB database. However, upon direct engagement, the actor demonstrated high level of urgency and appeared willing to negotiate significantly lower prices, indicating a potential desperation to sell," CloudSEK noted in its findings, which were shared with both the BWSSB chairman and the Officer on Special Duty to Chief Minister Siddaramaiah.
"The post claimed that the database access would expose records of 2,91,212 users. It was explicitly stated that the compromised data did not include the user's passwords. Additionally, the post featured a few lines of sample data,” said the report, as cited by DH.
The leaked dataset reportedly contained multiple categories of information, including payment data, grievance data, application data, and system logs. The application data alone is said to contain over 2.91 lakh records, featuring full names, complete addresses, contact details, Aadhaar, and PAN numbers—details which could potentially be exploited for identity theft or financial fraud.
Despite the serious nature of the breach, sources in the BWSSB assured that the data was safe. "The entire billing data is stored in the Data Centre maintained by the Karnataka government. The 24x7 monitoring is at a high-security level and a breach of billing data was next to impossible,” DH quoted BWSSB sources as saying.
Meanwhile, BWSSB Chairman Ram Prasath Manohar acknowledged the report and stated that adequate measures would follow, noting that a case would be filed with the cybercrime police. “If a breach has indeed occurred, we will identify the root cause and involve technical experts to bolster our data security systems,” DH quoted Manohar as saying.
As part of its findings, CloudSEK recommended immediate corrective measures, including conducting a comprehensive security audit, revoking any exposed or potentially compromised credentials, and removing public access to administrative interfaces to prevent future breaches.
Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.
Plea about 'threat' to Rahul Gandhi filed without his consent, to be withdrawn: Lawyer
Pune, Aug 13 (PTI): Hours after filing a plea in a court here claiming apprehension of threat to Rahul Gandhi from the followers of Vinayak Damodar Savarkar, the Congress leader's lawyer on Wednesday said it was filed without Gandhi's consent, and would be withdrawn.
He will submit another application on Thursday to withdraw the `Pursis' or the application filed before Judicial Magistrate (First Class) Amol Shinde, said Advocate Milind Pawar.
Pawar is representing Rahul Gandhi in a defamation case filed by Satyaki Savarkar, grand-nephew of Vinayak Damodar Savarkar, over certain statements made by the Congress leader against the late freedom fighter and Hindutva ideologue.
He drafted the application without consulting Gandhi and the latter has taken a "strong exception to the filing of this Pursis and expressed his disagreement with its contents", the lawyer said in a press release late in the evening.
The application filed by advocate Pawar earlier in the day said that complainant Satyaki Savarkar had admitted that he is also a direct descendant, through maternal lineage, of Nathuram Godse and Gopal Godse, principal accused in the assassination of Mahatma Gandhi.
Gandhi is the Leader of Opposition in the Lok Sabha and recently held a press conference in Delhi, placing before the nation evidence of electoral fraud by the Election Commission, the application said.
"Furthermore, during the parliamentary debate on the subject of Hindutva, there was a heated exchange between the Prime Minister and Shri Rahul Gandhi, a matter well known to the public. Against this backdrop, there is little doubt that the complainant, his great-grandfathers (the Godses), those connected with the ideology of Vinayak Savarkar, and some followers of Savarkar who are presently in power, may harbor hostility or resentment towards Gandhi," the application said.
"In light of the documented history of violent and anti-constitutional tendencies linked to the complainant's lineage, and considering the prevailing political climate, there exists a clear, reasonable, and substantial apprehension that Rahul Gandhi may face harm, wrongful implication, or other forms of targeting by persons subscribing to the ideology of Vinayak Damodar Savarkar," the application stated.
The Pune court has already granted bail to Rahul Gandhi in the defamation case. The trial is yet to begin.
Reacting to the development, Advocate Sangram Kolhatkar, Satyaki Savarkar's lawyer, asked why the application was filed in the first place. "This is nothing but an attempt to delay the trial by moving such frivolous pleas," he said.
Satyaki Savarkar has filed a defamation complaint against Rahul Gandhi, alleging that in a speech made in London in March 2023, the Congress leader claimed that V D Savarkar had written in a book that he and five to six of his friends once beat up a Muslim man and he (Savarkar) felt happy.
No such incident ever took place, and V D Savarkar never wrote any such thing anywhere, the complaint claimed.
