Exposed Data Include Photos Used as Proof of Residence

In addition to scans of Aadhaar cards, caste certificates and PAN cards, the report said that the sensitive records exposed to the public include photos used as proof of residence. Screenshots taken within financial apps as proof of fund transfers, along with professional certificates, degrees and diplomas, were also said to be part of the exposed records. “The private personal user data within these documents gave a complete profile of individuals, their finances, and banking records,” vpnMentor said in the report. “S3 buckets are a popular form of cloud storage across the world but require developers to set up the security protocols on their accounts,” the report added. Further, the vpnMentor team provided samples of the documents stored in the misconfigured AWS S3 bucket, including scans of an Aadhaar card and a caste certificate.

Data Breach Could Result in Identity Theft and Tax Fraud

The report said that the volume of sensitive data exposed to the public made the data breach “deeply concerning.” Identity theft and tax fraud were listed in the report as possible crimes that cybercriminals could commit based on the data breach. Additionally, the report said that hackers could access BHIM accounts and withdraw large amounts of money. “The exposure of private data may also contribute to a broader deterioration of trust between the Indian public, government bodies, and technology companies,” vpnMentor said in the report. “Data privacy is a huge concern for people from all sections of society, and many people could be reluctant to adopt a software tool linked to such a scandal.” The report said that BHIM users concerned about the data breach might reach out to CSC e-Governance Services directly to understand the steps being taken to resolve the issue.

vpnMentor Discovers Over Seven Million Sensitive Data Related to BHIM App