Bihar Cybersecurity Researcher Deepak Kumar Uncovers Data Breach in LIC, Prompting Quick Fix
In a recent cybersecurity alert, vulnerabilities were discovered on several prominent government websites, including the Life Insurance Corporation (LIC) of India, potentially exposing sensitive user data. The findings were promptly reported to the Computer Emergency Response Team of India (CERT-In), which collaborated with organizations to address and fix the issues.
Overview of the Incident
Deepak Kumar, a cybersecurity researcher from Dumraon, Bihar, uncovered significant vulnerabilities on various government websites. Among them was the LIC portal, where the data of over 10 lakh users, including bank details, Aadhaar and PAN numbers, mobile numbers, email addresses, and physical addresses, was at risk. In addition to LIC, other key websites, including those of the Reserve Bank of India (RBI), Indian Railways (IRCTC), the Election Commission of India, the Union Public Service Commission (UPSC), and the Indian Institute of Banking & Finance, were found to have security weaknesses.
Details of the Vulnerabilities
These vulnerabilities were primarily attributed to issues such as Insecure Direct Object Reference (IDOR), an access-control flaw in which an application returns a record based on an identifier supplied in the request without verifying that the requester is authorized to view it, which can allow unauthorized access to sensitive data. This specific flaw in LIC’s website exposed critical user information, putting millions of individuals’ personal and financial data at risk. Kumar responsibly reported these issues to CERT-In, ensuring that the vulnerabilities were addressed swiftly to prevent any potential misuse.
CERT-In’s Response and Actions Taken
CERT-In acknowledged the reported vulnerabilities and collaborated with the respective organizations to patch the security flaws. In email correspondence, CERT-In expressed gratitude for Kumar’s responsible disclosure, recognizing his efforts in safeguarding public data and strengthening India’s cybersecurity infrastructure.
In their response, CERT-In stated, “The role of responsible security researchers is pivotal for creating a secure cyber ecosystem, and CERT-In strongly believes in working actively with researchers like you for the discovery of cybersecurity vulnerabilities and their subsequent remediation in a responsible manner.”
Public Awareness and Cybersecurity Best Practices
This incident underscores the importance of cybersecurity vigilance for both organizations and individual users. As cyber threats become increasingly sophisticated, public awareness and proactive measures are essential to ensure data safety. Here are some steps users can take to protect their information online:
1. Use Strong Passwords: Regularly update passwords, and avoid using the same password across multiple platforms.
2. Monitor Accounts: Keep an eye on bank statements and other accounts for unusual activities.
3. Enable Two-Factor Authentication (2FA): Wherever possible, use 2FA for an extra layer of security.
4. Beware of Phishing Attacks: Avoid clicking on unsolicited links or sharing personal details over email or SMS.