The Indian government’s tax authority has fixed a security flaw in its income tax filing portal that was exposing sensitive taxpayers’ data, TechCrunch has exclusively learned and confirmed with authorities.
The flaw, discovered in September by a pair of security researchers Akshay CS and “Viral,” allowed anyone who was logged into the income tax department’s e-Filing portal to access up-to-date personal and financial data of other people. The exposed data included full names, home addresses, email addresses, dates of birth, phone numbers, and bank account details of people who pay taxes on their income in India.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Tata Technologies says ransomware attack hit IT assets
January 31, 2025
Tata Technologies, a technology and product engineering service company owned by Indian conglomerate Tata Group, has disclosed a ransomware attack that has forced it to suspend some of its services. The Pune-headquartered company said Friday that the incident affected “a few of our IT assets” while its client delivery services “remained fully functional and unaffected throughout.” ...
- Thomas Cook India website goes down after cyberattack
January 1, 2025
Thomas Cook India has announced that its IT infrastructure is under a cyberattack. The travel services provider also said it’s working with security experts to investigate the incident and will take necessary remedial actions. The company stated that it promptly took steps to investigate and respond upon discovering the incident, including shutting down affected systems. The company’s ...
- APT trends report Q3 2024
November 28, 2024
In the second half of 2022, a wave of attacks from an unknown threat actor targeted victims with a new type of attack framework that we dubbed P8. The campaign targeted Vietnamese victims, mostly from the financial sector, with some from the real estate sector. Later, in 2023, Elastic Lab published a report about an OceanLotus ...
- Spot the Difference: Earth Kasha’s New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella
November 19, 2024
LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend Micro has been tracking the group as Earth Kasha. While some vendors suspect that the actor using LODEINFO might be APT10, we don’t have enough evidence to fully support this speculation. Currently, we view APT10 and Earth Kasha as different entities, although they ...
- Canada labels India a ‘cyber adversary’ in new security report
November 1, 2024
India has been described as an adversary for the first time in an official Canadian government document. That description came in the National Cyber Threat Assessment 2025-2026 released by the Canadian Centre for Cyber Security, on Tuesday. In its section on cyber threat from “state adversaries”, it includes China, Russia, Iran, North Korea and India. In ...
- Digital arrests – the newest deepfake tool used by cybercriminals
October 11, 2024
An Indian textile baron has revealed that he was duped out of 70 million rupees ($833,000) by online scammers impersonating federal investigators and even the Supreme Court chief justice. The fraudsters posing as officers from India’s Central Bureau of Investigation (CBI) called SP Oswal, chairman and managing director of the textile manufacturer Vardhman, on August 28 ...