Telangana Police Hit by Second Major Data Breach as App Compromised

In India’s southern state of Telangana, police have experienced a second major data breach within about a week. The force’s TSCOP (Telangana State COP) app has been compromised, with the data being offered for sale online for $120.

The TSCOP app is an internal application used by the Telangana Police to aid in crime-solving and law enforcement activities. Launched in 2018, the app provides instant access to criminal databases, allowing police officers to efficiently perform their duties. It also includes an integrated facial recognition system, which helps in identifying criminals, unknown bodies at crime scenes, and missing children.

In this particular data breach, the vulnerability stemmed from an unwise practice on the part of the developer of the TSCOP app, who embedded passwords as plain text, making it easy for hackers to gain access.

The incident is part of a series of recent hacks targeting Indian police, including a significant breach last month that exposed the biometric information of thousands of law enforcement officials and police applicants, including fingerprints, facial images, and other personal details.

More recently, a mobile app launched by the Telanga Police in 2014 known as ‘Hawkeye’ was breached on May 29th, exposing sensitive data such as names, email addresses, phone numbers, and locations of over 200,000 users. The data included details of complaints, SOS records, incident reports, and travel records, revealing personal information and compromising user privacy.

Designed to allow the public to report incidents, provide tips to the police, and report crimes, one of the HawkEye app’s key features is an SOS button, which users can activate in emergencies to seek immediate assistance. The leaked data in the Hawkeye breach includes personal details obtained through these SOS records.

Source: The Times of India

–

June 7, 2024 – by Ali Nassar-Smith