Delhi data breach: Details of 4,58,388 people leaked, says report; don't do this, or you can be in trouble

Delhi data breach: Even before the alleged Aadhaar data breach cases could have been resolved, another massive case of data leak has been reported from Delhi. Security researcher Bob Diachenko has claimed that sensitive data of around 4,58,388 individuals was left unsecured for public access by a company named Transerve. "A 4.1GB-sized database had been indexed by Shodan and was left unattended for public access. The database was named “GNCTD” which also stands for Government of National Capital Territory of Delhi and contained the following collections and records: 1. EB* Registers, 2. EB Users (14,861), 3. Households (102,863), 4. Individuals (458,388), 5. Registered Users (399), 6. Users (2,983)," claimed Diachenko in his blog.

"After analyzing the content I have come to the conclusion that database appears to be somehow related to a company named Transerve," he added.

The researcher claimed that the most detailed information contained in ‘Individuals’ collection which was basically a detailed portrait of a person, including Aadhaar numbers, voter card numbers, health conditions, and education.

"Households collection contained fields such as ‘name’, ‘house no’, ‘floor number’, ‘geolocation’, area details, ’email_ID’ of a supervisor, ‘is the household cooperating for survey’ field, ‘type of latrine’, ‘functional water meter’, ‘ration card number’, ‘internet facility available’ and even ‘informal name’ field," he wrote in his blog at securitydiscovery.com.

Diachenko claimed that he sent messages to the company but got no response. Later, he approached CERT India, the Computer Emergency Response Team under Ministry of Electronics and Information Technology, which secured the data and took it offline. 

Bob Diachenko has shared screenshots of the database and said it is unknown for how long the database was online.

On being contacted, Ankush Johar, Director at Infosec Ventures, has said that it is imperative for any firm that is operating at a Global or even National level to take necessary steps that ensure data security. 

"93% of attacks in 2017 started with a simple email and the Human layer was compromised. Often, only the technology layer is what firms are concerned about, unlike what the hackers think though...This showcases the need for adoption of a ‘Responsible Vulnerability Disclosure’ policy that doesn’t penalise the security researcher community. There is an ISO/IEC 29147 policy now available and companies serious about their security need to adopt this, to safeguard their cyber posture," Johar said. 

Watch This Zee Business Video

What you can do to stay away from harm?

You need to be careful about sharing your data with the surveyors who visit your residence/office and ask for your personal information like mobile number, voter number etc. You should not share any kind of personal data without confirming the identity of the people. If this is not done, then you have a lot to lose, including your hard-earned money.