SFLC.in writes to CERT.In and Government of Tamil Nadu on Public Distribution System Data Breach

Recently, it was reported that the Tamil Nadu’s Public Distribution System database was breached. The breach led to leaking of personal details including addresses of approximately 65 million people. This includes their Aadhaar details, makka number, contact details,  addresses. 

SFLC.in wrote to CERT.In, nodal agency of Government of India to respond to cyber security incidents, and the Government of Tamil Nadu requesting them to conduct security audits to respond to the data breaches. Section 70B of the Information Technology Act empowers CERT-In to conduct security audits and respond to data breaches. Rule 8 of the CERT-In Rules requires it to respond to cyber security incidents. Rule 9 of the CERT-In Rules requires it to analyse such incidents.

The Government of Tamil Nadu is the repository of the data. Therefore, SFLC.in has requested the Government of Tamil Nadu to kindly conduct a security audit of the software and hardware involved in the data breach and to update citizens and PDS beneficiaries on what has transpired with the data breach.

We would like to thank Srikanth for bringing the data breach to our notice.

You can read our letter(s) here:

Date: 07.07.2021

To
Mr. Ajay Lakra
Public Grievance Officer
CER-In
6, CGO Complex
Lodhi Road
New Delhi-110003

Dear Mr. Lakra,

Subject: Investigation into the Public Distribution System data breach in Tamil Nadu

Greetings from SFLC.in!,

SFLC.IN is the first Indian legal services organization that works exclusively on technology, law, and policy. As a not-for-profit organization engaged in the empowerment of Indian citizens about their digital freedom and rights, it operates as a collective bringing together different stakeholders to a common platform to further the cause of digital rights. SFLC.in promotes innovation and open access to knowledge by helping policy makers make informed and just decisions regarding the use and adoption of technology. As of 2021, SFLC.in is the only Indian organization to be inducted as a member of the IFEX, a global network to defend the right to freedom of expression and information.

As you would be aware, it was recently reported that the Tamil Nadu Public Distribution System was breached. The breach led to leaking of personal details including addresses of approximately 65 million people. This includes their Aadhaar card details, makka number, contact details, phone number, address, date of birth.

Section 70B of the Information Technology Act empowers CERT-In to conduct security audits and respond to data breaches. Rule 8 of the CERT-In Rules requires it to respond to cyber security incidents. Rule 9 of the CERT-In Rules requires it to analyse such incidents. Through this letter, we request you to kindly respond to this cyber attack and conduct a security audit of the Public Distribution System breach in Tamil Nadu as per the law.

Sincerely,
Prasanth Sugathan
Legal Director
SFLC.in
prasanth@sflc.in