Bengaluru Water Board Data Breach: Over 2.9 Lakh Records Exposed for Sale

Bengaluru: A massive security lapse at the Bangalore Water Supply and Sewerage Board (BWSSB) has exposed the personal data of over 2.90 lakh customers. Cybersecurity firm CloudSEK uncovered that sensitive details, including Aadhaar, PAN numbers, mobile contacts, and payment data, were put up for sale on a dark web forum for $500 (around ₹42,500).

According to a report by CloudSEK researcher Sourajeet Majumder, a hacker using the alias ‘pirates_gold’ offered direct access to BWSSB’s database on BreachForum. Alarmingly, the breach also included root access, enabling potential tampering with operational data, including payments and grievance records.

Investigators linked the breach to database credentials carelessly exposed in a publicly accessible “.env” file. Although passwords were not leaked, exposed details could easily be exploited for phishing and targeted cyberattacks, the report warned.

While BWSSB sources insisted that billing data stored at the Karnataka State Data Centre remains secure, cybersecurity experts stressed the urgency of comprehensive audits and the revocation of compromised credentials.

Responding to the findings, BWSSB chairman Ram Prasath Manohar stated that a cybercrime complaint would soon be filed. “We are taking immediate steps to identify vulnerabilities and strengthen our systems,” he added.

CloudSEK recommended removing public access to administrative panels and conducting regular security reviews to prevent future breaches.

With sensitive citizen information at stake, the spotlight now turns to how swiftly BWSSB can bolster its cyber defenses.

Read Also:

• Corruption Charges Dropped Against BWSSB Official in Rs 40 Lakh Case
• Bengaluru to revive 30 lakes with treated water, BWSSB ramps up efforts