Data breach exposes 2.9 lakh Bangalore Water Supply and Sewerage Board's customers' details: Report
Bengaluru: A major data breach has exposed the personal information of more than 2.9 lakh users of the Bangalore Water Supply and Sewerage Board (BWSSB), according to a recent probe conducted by the Bengaluru-based cybersecurity firm CloudSEK.
The breach involved unauthorised access to BWSSB's water connection application portal, exposing sensitive user data including Aadhaar numbers, PAN details, mobile numbers, full addresses, email IDs, and payment records, the probe report revealed, as cited by Deccan Herald on Tuesday.
The compromised database was reportedly listed for sale on BreachForum, an underground data leaks web forum, by a threat actor with the username pirates_gold.
"The initial post by the threat actor specified a payable amount of $500 (approximately Rs 42,616) for access to the compromised BWSSB database. However, upon direct engagement, the actor demonstrated high level of urgency and appeared willing to negotiate significantly lower prices, indicating a potential desperation to sell," CloudSEK noted in its findings, which were shared with both the BWSSB chairman and the Officer on Special Duty to Chief Minister Siddaramaiah.
"The post claimed that the database access would expose records of 2,91,212 users. It was explicitly stated that the compromised data did not include the user's passwords. Additionally, the post featured a few lines of sample data,” said the report, as cited by DH.
The leaked dataset reportedly contained multiple categories of information, including payment data, grievance data, application data, and system logs. The application data alone is said to contain over 2.91 lakh records, featuring full names, complete addresses, contact details, Aadhaar, and PAN numbers—details which could potentially be exploited for identity theft or financial fraud.
Despite the serious nature of the breach, sources in the BWSSB assured that the data was safe. "The entire billing data is stored in the Data Centre maintained by the Karnataka government. The 24x7 monitoring is at a high-security level and a breach of billing data was next to impossible,” DH quoted BWSSB sources as saying.
Meanwhile, BWSSB Chairman Ram Prasath Manohar acknowledged the report and stated that adequate measures would follow, noting that a case would be filed with the cybercrime police. “If a breach has indeed occurred, we will identify the root cause and involve technical experts to bolster our data security systems,” DH quoted Manohar as saying.
As part of its findings, CloudSEK recommended immediate corrective measures, including conducting a comprehensive security audit, revoking any exposed or potentially compromised credentials, and removing public access to administrative interfaces to prevent future breaches.
Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.
50 passengers from Karnataka stranded in conflict region arrived in New Delhi: CM office
Bengaluru (PTI): Fifty passengers from the state who were stranded in the Gulf region amid the ongoing West Asia conflict arrived in New Delhi early Friday morning after departing from Fujairah in the UAE, Chief Minister Siddaramaiah's office said.
The protocol team (Karnataka govt) were at the Indira Gandhi International Airport in New Delhi with breakfast, it said.
They were transported on a KSRP (Karnataka State Reserve Police) bus and two cars to domestic terminals for their onward travel to Bengaluru, Mangaluru and Hubballi, the CM office said in a statement.
Many were disgruntled and complained to the team that MEA did nothing, and it was only a local organisation that helped them with their tickets, etc., the statement claimed.
"Incidentally, we are the only state so far that is providing this assistance at the Delhi airport," it added.
