ADVERTISEMENT

Government leaks nearly two million citizens’ documents

India’s Ministry of Housing and Urban Affairs left an open AWS bucket revealing nearly two million IDs, bank statements, and other files with sensitive citizens’ data.

Passport India

Image by Cybernews.

Vilius Petkauskas
Vilius Petkauskas Deputy Editor
Mar 11, 2025 Updated: 10 March 2025 2 min read
Niamh Ancell BW Ernestas Naprys Paulina Okunyte Gintaras Radauskas
Get our latest stories today on Google News
Add us as your Preferred Source on Google.

What data MoHUA was leaked?

  • Full names
  • Dates of birth
  • Places of birth
  • Aadhar numbers (India‘s unique ID number)
  • Phone numbers
  • Family member details
ADVERTISEMENT
“Leaking critical personal documents, including National IDs, proof of address, and bank statements, exposed individuals to identity theft. For example, attackers can impersonate individuals to open fraudulent bank accounts, apply for loans, or engage in illegal activities using stolen identities.”
  • Change the access controls to restrict public access and secure the bucket
  • Update permissions to ensure that only authorized users or services have the necessary access
  • Monitor retrospectively access logs to assess whether the bucket has been accessed by unauthorized actors
  • Enable server-side encryption to protect data at rest
  • Use AWS Key Management Service (KMS) to manage encryption keys securely
  • Implement SSL/TLS for data in transit to ensure secure communication.
  • Consider implementing security best practices, including regular audits, automated security checks, and employee training.

  • Leak discovered: October 23rd, 2024
  • Initial disclosure: October 25th, 2024
  • CERT contacted: January 2nd, 2025
ADVERTISEMENT