Tamil Nadu Police Facial Recognition Portal faced breach

A security flaw was discovered in the facial recognition webpage of the Tamil Nadu Police. Hackers gained access to a database holding vital software that the police use to trace down-and-away individuals, criminals, and other people using facial recognition technology.

Apart from this the data also includes FIR information such as FIR numbers, dates, details of involved parties as well as the physical addresses and contact details of 50,000 police officers.

data samples were made available on sale on the dark web. The breach was identified by threat intelligence platform FalconFeeds.io.

A group called ‘Valarie’ has claimed responsibility for the breach. A 55,000 lines of data about details of police officials, including IPS officers, a second file with 8.9 lakh lines of FIR data and another with 2,700 lines of data on police stations (mostly available in public domain) have been compromised.

CDAC (Centre for Development of Advanced Computing) Kolkata has developed the FRS software and it is hosted on the server at TNSDC (ELCOT).

The compromised FIR details include FIR ID, number, police station, investigating officer, date of registration, status of case, names in the FIRs, age, gender, parentage and address. The data is available for sale in a hackers’ forum for $2 to $3.

Acknowledging the breach, a statement is issued from the Office of the Director General of Police saying, “On preliminary enquiry, it is learnt that the password has been compromised in admin account. The admin account has limited rights like creation of id for users, queries search, and details of front end can only be viewed.”

A complaint was lodged at Cyber Crime Police Station, Chennai, and information has been communicated to ELCOT, TNeGA, CDAC-Kolkata for necessary action, the statement said.