In the course of our routine darkweb monitoring, the Cyble research team came across a post by a Threat Actor (TA) on July 1, 2021. In the post on the cybercrime forum, the TA claims to be in possession of the Tamil Nadu Public Distribution System (TNPDS) database. TNPDS is the Department of Food Supply and Consumer Protection of Tamil Nadu. The breach has allegedly exposed 31M personally identifiable information (PII) of Indian citizens from Tamil Nadu, in addition to 20M Aadhaar numbers, thereby compromising a total of 51M records. A 12-digit unique identification number issued to residents of India, Aadhaar is used as a proof of identity and/or proof of address in KYC documents.
Figure 1: Post by the TA in the Forum
Our analysis indicates that the leaked data contains sensitive information such as:
- Full Name
- Beneficiary ID
- Beneficiary Member ID
- C/O (for Address)
- Full Address
- Date of Record Creation
- District
- Date of Birth
- Gender
- House Number
- UID (Unique ID/Aadhaar number)
- Year of Birth
The figure below showcases a sample of the leaked records.
Figure 2: Sample of the Leaked Data
As per our investigation the breached records consist of:
- 20M Aadhaar numbers
- 31M PII Records (excluding Aadhaar)
- Total 51M records
The compromised PII has a high potential for being misused by attackers to carry out malicious activities involving identity theft or social engineering attacks.
As data breaches continue to dominate headlines around the world, organizations are increasingly upgrading their data security practices. However, cybercriminals are always on the lookout for newer ways to evade the defenses of organizations to gain unauthorized access to valuable government and corporate data.
What is Aadhar? Aadhaar is a 12-digit unique identity number that can be obtained voluntarily by residents or passport holders of India, based on their biometric and demographic data. The data is collected by the Unique Identification Authority of India (UIDAI), a statutory authority established in January 2009 by the government of India, under the jurisdiction of the Ministry of Electronics and Information Technology, following the provisions of the Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016.
How to verify if you’re impacted? Cyble has indexed the leaked records on the data breach monitoring and notification platform, amibreached.com. Those who are concerned about their exposure can visit the website to gain more information.
Our Recommendations:
Below are some of the essential cybersecurity best practices to help create the first line of control against attackers. We recommend our readers to take these measures for safeguarding themselves against ensuing cyberthreats:
- Incorporate risk management practices and conduct a regular risk assessment of different assets.
- Never share your personal information, including financial information, over the phone, email, or SMSes.
- Use strong passwords and implement multi-factor authentication.
- Consistently monitor your financial transactions, and if you notice any suspicious activity, contact your bank immediately.
- Never open untrusted links and email attachments without verifying their authenticity.
- Consider registering on Cyble’s amibreached.com platform to stay up-to-date on your information exposure in the deepweb and darkweb.
About Cyble:
Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.com.
