7500 Employee Details Exposed on Telangana Treasury Website: Vulnerability Discovered by Cybersecurity Researcher Zishan

A critical data breach has been uncovered on the Telangana Treasury Department’s website, where sensitive details of over 7,500 employees were found publicly accessible due to a misconfigured system. The breach was identified and responsibly reported by Md Zishan Firoz, a cybersecurity researcher dedicated to securing government systems and raising cybercrime awareness.


Details of the Exposure

  • Discovered By: Md Zishan Firoz, a security researcher from Begusarai, Bihar.
  • Exposed URL: A file containing employee details was publicly accessible via Telangana Treasury’s website but has since been removed after the issue was resolved.
  • Data Exposed: Names, contact numbers, and potentially other sensitive personal information of 7,500 employees were vulnerable to unauthorized access.
  • Nature of the Vulnerability: The lack of authentication or authorization controls allowed anyone on the public internet to access the file, putting sensitive data at significant risk of misuse.

CERT-In’s Swift Response

After Md Zishan Firoz reported the vulnerability, the Indian Computer Emergency Response Team (CERT-In) collaborated with the Telangana Treasury Department to secure the exposed file. The breach has now been resolved, and additional measures have been put in place to prevent future incidents. This quick resolution demonstrates the critical role of collaboration between researchers and regulatory authorities in ensuring cybersecurity.


Potential Risks

  1. Data Misuse:
    • Phishing Attacks: Exposed contact information could have been exploited by cybercriminals to conduct phishing campaigns.
    • Identity Theft: The details may have been misused for fraudulent purposes or identity theft.
  2. Compliance Violations:
    • Privacy Breach: The incident violates privacy provisions under the IT Act, 2000, which mandates the protection of sensitive personal data.
    • Reputational Damage: Such exposures harm public trust in the Telangana Treasury Department’s ability to safeguard data.

Recommendations for Improved Security

  1. Immediate Steps:
    • Notify affected employees and provide guidance on protecting themselves from potential risks.
    • Conduct a thorough audit of all publicly accessible files to prevent similar incidents.
  2. Enhanced Security Measures:
    • Implement strict access controls and authentication mechanisms.
    • Conduct regular vulnerability assessments and penetration testing to identify and rectify security gaps.
  3. Compliance and Training:
    • Update policies and procedures to ensure compliance with data protection laws.
    • Organize cybersecurity training programs to educate employees about data protection and best practices.

About Md Zishan Firoz

Md Zishan Firoz is a skilled cybersecurity researcher with extensive experience uncovering vulnerabilities in critical systems, including government platforms and educational institutions like IIT Delhi, IIT Kanpur, and MIT. Based in Begusarai, Bihar, Firoz is a volunteer with CyberRakshak Intelligence, actively working to spread cybercrime awareness and empower individuals to report incidents.

For more insights and updates, connect with Md Zishan Firoz on LinkedIn.
