Who let the data out? 8K BBMP tax receipts online

As the receipts were not public documents, the BBMP should put in place security controls, like captcha or passwords, to ensure that no one can download multiple receipts.

View in App
BCCL
BBMP officials said the system for download of receipts is managed by the National Information Commission (NIC).
BENGALURU: In a case of breach of personal data, over 7,700 receipts of property tax payments made to the Bruhat Bengaluru Mahanagara Palike (BBMP) have been uploaded online by an unknown person.

The receipts contain the payees’ full names, the addresses of their properties, their zone classification, and the tax paid on the properties. ET is in possession of the 7,740 receipts that were uploaded. BBMP, however, refuses to term it a data breach, saying all receipts are in public domain anyway. Cyber security experts, however, have raised concerns.

The civic body’s commissioner, Manjunath Prasad, said anyone can download any number of receipts of taxpayers by entering random property tax numbers, and that this facility has been available since 2008. “Whoever has uploaded the data would have entered property IDs and downloaded the forms. But there is no advantage to anyone in obtaining these receipts,” he said.


Apparently, the receipts were not protected by an OTP or password in the interest of keeping the process simple. Seshadri T, advisor, IT Cell, BBMP, said no breach had taken place from the BBMP’s systems.

Bikash Barai, cofounder of FireCompass, a cyber security company that monitors global internet for breach-related risks, thinks otherwise. Hackers could misuse such data for “social engineering,” ie, fraud targeted at users. “For example, fraudsters can pose as government officials over the phone, use this data as validation and then demand money,” Barai said.

Such incidents, he believes, should be treated as an indicator that we need to enhance our security systems. As the receipts were not public documents, the BBMP should put in place security controls, like captcha or passwords, to ensure that no one can download multiple receipts.

BBMP officials said the system for download of receipts is managed by the National Information Commission (NIC). NIC technical director R Venkatesh said the servers used are placed at the state data centre, Centre for e-Governance, and the breach could have either occurred from there or from the BBMP’s GIS-enabled property tax information system (GEPTIS), a BBMP internal portal that provides mapping of all properties within BBMP jurisdiction.
ADVERTISEMENT

CEO of the Centre for e-Governance Sunil Pawar said there had been no breach of servers at the state data centre. “There are hourly logs available so if some breach happens, we will immediately get to know. But a breach can happen from anywhere and if it is brought to our knowledge by the officials, we can check its source,” he said.

J Prasanna, director of Singapore-based Cyber Security and Privacy Foundation, said databases of such receipts containing personal details are sometimes sold by cyber criminals on the dark web. “This particular data looks like a sample, ie, a part of the entire database. The criminal often shares such samples with prospective buyers, who then decide if they want to purchase it,” he said.

Any corporate firm that gives out personally identifiable information of any employee or customer is liable for up to three years’ imprisonment under a provision of the IT Act.
Download
The Economic Times Business News App
for Live Elections News & Results, Latest News in Business, Share Market & More.
Download
The Economic Times Business News App
for Live Elections News & Results, Latest News in Business, Share Market & More.
READ MORE
ADVERTISEMENT

READ MORE:

Sentiment Tracker

    You can select any three only
      Thank you for your responseThank you for your response
      ET India Fast Forward Budget 2019

      Can Nirmala Sitharaman pull India out of the limbo it is in right now?

      Take Our Budget Survey

      LOGIN & CLAIM

      50 TIMESPOINTS

      ET Business Listings
      Generate Enquiries for your Business by Listing on Economictimes.com

      More from our Partners

      Loading next story
      Text Size:AAA
      Success
      This article has been saved

      *

      +