Data breach exposes 2.9 lakh Bangalore Water Supply and Sewerage Board's customers' details: Report
Bengaluru: A major data breach has exposed the personal information of more than 2.9 lakh users of the Bangalore Water Supply and Sewerage Board (BWSSB), according to a recent probe conducted by the Bengaluru-based cybersecurity firm CloudSEK.
The breach involved unauthorised access to BWSSB's water connection application portal, exposing sensitive user data including Aadhaar numbers, PAN details, mobile numbers, full addresses, email IDs, and payment records, the probe report revealed, as cited by Deccan Herald on Tuesday.
The compromised database was reportedly listed for sale on BreachForum, an underground data leaks web forum, by a threat actor with the username pirates_gold.
"The initial post by the threat actor specified a payable amount of $500 (approximately Rs 42,616) for access to the compromised BWSSB database. However, upon direct engagement, the actor demonstrated high level of urgency and appeared willing to negotiate significantly lower prices, indicating a potential desperation to sell," CloudSEK noted in its findings, which were shared with both the BWSSB chairman and the Officer on Special Duty to Chief Minister Siddaramaiah.
"The post claimed that the database access would expose records of 2,91,212 users. It was explicitly stated that the compromised data did not include the user's passwords. Additionally, the post featured a few lines of sample data,” said the report, as cited by DH.
The leaked dataset reportedly contained multiple categories of information, including payment data, grievance data, application data, and system logs. The application data alone is said to contain over 2.91 lakh records, featuring full names, complete addresses, contact details, Aadhaar, and PAN numbers—details which could potentially be exploited for identity theft or financial fraud.
Despite the serious nature of the breach, sources in the BWSSB assured that the data was safe. "The entire billing data is stored in the Data Centre maintained by the Karnataka government. The 24x7 monitoring is at a high-security level and a breach of billing data was next to impossible,” DH quoted BWSSB sources as saying.
Meanwhile, BWSSB Chairman Ram Prasath Manohar acknowledged the report and stated that adequate measures would follow, noting that a case would be filed with the cybercrime police. “If a breach has indeed occurred, we will identify the root cause and involve technical experts to bolster our data security systems,” DH quoted Manohar as saying.
As part of its findings, CloudSEK recommended immediate corrective measures, including conducting a comprehensive security audit, revoking any exposed or potentially compromised credentials, and removing public access to administrative interfaces to prevent future breaches.
Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.
Mandya district court receives bomb threat, turns out to be hoax
Mandya (Karnataka) (PTI): A bomb threat email sent to the judge of the Mandya district court here triggered panic on Thursday, prompting police to launch a search operation.
According to police, the district court received a bomb threat through an email earlier in the day, following which authorities immediately evacuated the premises.
Court proceedings were halted, and lawyers, judges, staff and litigants were asked to immediately vacate the premises.
Police teams, along with the bomb disposal squad and fire brigade personnel, rushed to the spot and launched a thorough inspection of the court premises.
Senior police officials, including Additional Superintendent of Police Gangadhar Swamy, were present at the scene and supervised the search operation.
Police later said the threat appeared to be a hoax.
Lawyers said a similar email threat was received on February 16 as well, and expressed concern over the recurrence of such incidents.
Police said an investigation has been launched to nab those behind such acts.
