The Indian government’s tax authority has fixed a security flaw in its income tax filing portal that was exposing sensitive taxpayers’ data, TechCrunch has exclusively learned and confirmed with authorities.
The flaw, discovered in September by a pair of security researchers Akshay CS and “Viral,” allowed anyone who was logged into the income tax department’s e-Filing portal to access up-to-date personal and financial data of other people. The exposed data included full names, home addresses, email addresses, dates of birth, phone numbers, and bank account details of people who pay taxes on their income in India.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- India: EPFO, PMO data breach, Centre says aware of reports, Cert-In looking into details
February 21, 2024
The government is aware of reports of a data breach that claims having datasets from the Prime Minister’s Office (PMO) and the Employees’ Provident Fund Organisation, and has asked the Indian Computer Emergency Response Team (Cert-In) to look into it, senior officials told ET. “We are aware of it but need to verify if the claims ...
- Hyundai Motor India fixes bug that exposed customers’ personal data
January 12, 2024
Hyundai’s India subsidiary has fixed a bug that exposed its customers’ personal information in the South Asian market. TechCrunch reviewed a portion of the exposed data that included the registered owner name, mailing address, email address and phone number of Hyundai Motor India customers who have serviced their vehicles at any of the company’s authorized service ...
- India: Forensic investigation reveals repeated use of Pegasus spyware to target high-profile journalists
December 28, 2023
Amnesty International, in partnership with The Washington Post, has unearthed shocking new details about the continued use of NSO Group’s highly invasive spyware Pegasus to target prominent journalists in India, including one who had previously been a victim of an attack using the same spyware. The Security Lab recovered evidence of a zero-click exploit which was ...
- Indian IT services giant HCL Technologies hit by ransomware
December 22, 2023
Indian IT giant HCL Technologies apparently suffered a significant ransomware attack. Multiple media sources are claiming that the company filed a new report with the National Stock Exchange of India, in which it describes falling prey to a limited ransomware attack, stating that it “has become aware of a ransomware incident in an isolated cloud environment ...
- Social engineering attacks lure Indian users to install Android banking trojans
November 20, 2023
Microsoft has observed ongoing activity from mobile banking trojan campaigns targeting users in India with social media messages designed to steal users’ information for financial fraud. Using social media platforms like WhatsApp and Telegram, attackers are sending messages designed to lure users into installing a malicious app on their mobile device by impersonating legitimate organizations, such ...
- Indian hackers launch cyber attacks on Qatar to avenge death penalty of former Navy officers
November 8, 2023
An Indian hacker group, named ‘Indian Cyber Force’ launched cyber attacks on Qatar in response to the death sentence handed to eight former Indian Navy officers by a Qatari court in Espionage case. The Indian hackers claimed of carrying out cyber attacks on Qatar on November 7. They also alleged of executing unauthorised server access, leaked ...