Photo by Tukaram Karve/Shutterstock.com
A severe data breach has impacted ThoughtGreen Technologies and Timing Technologies, allegedly exposing over 1.6 million sensitive records of Indian security forces, including the Police and Army. More than 250,000 documents linked to Physical Efficiency Tests (PET) for law enforcement personnel were compromised, along with 143,173 signature images of key personnel in India’s security sector.
This breach also uncovered various mobile applications and installation files within the database, heightening concerns about potential vulnerabilities and unauthorised files. Additionally, documents containing internal database names, login credentials, and password information were exposed, amplifying the security risks posed by this incident.
The database comprised 1,661,593 documents, totalling 496.4 gigabytes, and held extremely sensitive data. These exposed records included images of facial scans, fingerprints, signatures in both English and Hindi, descriptions of identifying marks like tattoos or scars, and a variety of official documents like birth certificates, employment and testing applications, diplomas, certifications, and other educational records.
Of particular concern were documents suggesting the inclusion of biometric data of police and military personnel, teachers and railway workers. These records, believed to be from the two related entities, ThoughtGreen Technologies and Timing Technologies, included verification documents implying that both companies provide services in application development, analytics, development outsourcing, RFID technology, and biometric verification.
![](https://candid.technology/wp-content/uploads/2024/05/DataLeak-Biometric-WebsitePlanet-ss1-614x1024.jpg)
“Upon further investigation, I saw documents indicating the records belonged to two separate entities, which suggest they operate under the same ownership: ThoughtGreen Technologies and Timing Technologies, each of which provides application development, analytics, development outsourcing, RFID technology, and biometric verification services,” cybersecurity researcher Jeremiah Fowler told Website Planet.
Upon discovering the breach, Fowler promptly initiated a responsible disclosure procedure by notifying both companies, which immediately restricted public access to the compromised database. However, it remains unclear how long the data was exposed and if unauthorised parties accessed the sensitive records.
The consequences of this breach are significant. The compromised biometric data, such as facial scans and fingerprints, presents serious dangers to those impacted. If misused, this data could lead to identity theft, impersonation, and potential threats to national security.
Furthermore, the exposure of such confidential information highlights the critical requirement for improved cybersecurity protocols, especially in the sectors managing biometric data.
In January 2024, a vulnerability was discovered in Rajasthan’s Jan Aadhaar portal, exposing sensitive information about Indians.
In October 2023, a massive trove of Aadhaar data of over 81.5 crore Indian citizens was released on the dark web for a mere $80,000.