Tuesday, July 16, 2024
- Advertisement -

    Latest Posts

    Tamil Nadu Police Facial Recognition Portal Data Breach Exposes Over 50000 Users’ Details

    More than 800,000 lines of data, including information of over 50,000 persons were exposed following a data breach of the Tamil Nadu Police Facial Recognition Portal on May 4, 2024. As per an X thread by FalconFeeds.io, a threat intelligence platform, the data was breached by a threat actor named Valerie who accessed FIR details, and contact details of police officers, among other things. According to FalconFeeds, the incident highlights vulnerabilities in critical public safety infrastructure and the need for enhanced security measures.

    Five kinds of datasets exposed:

    On May 5, FalconFeeds reported the following data to have been exposed:

    1. Police officer Data – 54,828 users’ information was exposed, including user ID, user name, first name, last name, police station, district, contact, last login, date joined, active status, staff status, superuser status, login type(s), verified person type(s)
    2. Police Station Data – 2,738 police stations’ data was exposed, including the police station ID, police station name, code, district, district code, pin code, contact details
    3. Police ID data – 54,934 users’ data was exposed user ID, image, user name, first name, last name, police station name, district, email address
    4. FIR Data – 898,352 FIRs were exposed with FIR ID, NIC FIR number, FIR number, person category, police station, district, investigating officer, launch date, occurrence date, stage of the case, name in FIR, age, gender, parentage, address
    5. Alert Data – 235,753 Searches/Alerts made were exposed along with the following data: Alert ID, alert against the query, query fir, alert against fir, source police station, source district, target police station, target district, alert result, not matched reason, alert made by, launch date, back date, initial comment, alert state.

    State police main server data wasn’t breached:

    As per an unsigned police press release, the password of an admin account was compromised and has since been deactivated. It also said that the account had limited rights like the creation of ID for users, query search and the details on the front end.

    “The unauthorized user can only view the front-end data (creation of ID for users, queries search) and hence, the unauthorized user could not have provision to access the backend data and main server data,” said the press release, adding that a complaint was lodged at Cyber Crime Police Station, Chennai. The portal is used by 46,112 users across Tamil Nadu.

    Tamil Nadu police long since using facial recognition in policing

    In 2020, MediaNama first covered the exercise of Tamil Nadu police scanning people’s faces using a facial recognition app called FaceTagr. The app is meant to help police officials identify suspects as criminals by comparing the live photos against its database.

    However, there are no criteria by which an officer may identify a person as a suspect. According to police, the scanning of faces depends “purely on a police official’s experience, and the various inputs he might have received during his investigation.” Additionally, the police even stated that officials do not need any warrant before seeking a person’s facial data. This is concerning since officials had admitted even then that the app could be abused in the hands of a rogue police official on the ground. Aravindhan P, Superintendent of Police at the Thiruvallur district in Tamil Nadu had said that the police constantly monitored police officials’ use of the app at a central control centre to make sure that didn’t happen.

    Even then, experts had asked that there be “clear procedures under the police manuals about the procedure when collecting and matching photographs” and “audits of the technology to ensure its scientific validity in live contexts, apart from reliance on standards.” Further, the use of such technology also requires training in its use and limitations. A similar request for audit was made in this case as well.


    STAY ON TOP OF TECH NEWS: Our daily newsletter with the top story of the day from MediaNama, delivered to your inbox before 9 AM. Click here to sign up today!


    Also Read:

    The post Tamil Nadu Police Facial Recognition Portal Data Breach Exposes Over 50000 Users’ Details appeared first on MediaNama.

    Latest Posts

    - Advertisement -

    Don't Miss

    Stay in touch

    To be updated with all the latest news, offers and special announcements.