Security Bug In India’s Income Tax Portal Exposed Taxpayers’ Sensitive Data
The security bug in India’s income tax portal exposed taxpayers’ sensitive data, raising major concerns about digital privacy and government cybersecurity. According to TechCrunch, the flaw allowed unauthorized access to personal and financial information through the official e-Filing system before being patched by authorities.
Flaw Exposed Critical Taxpayer Information
The vulnerability, discovered in September by security researchers Akshay CS and “Viral,” allowed any logged-in user to view private data belonging to other taxpayers. The exposed information included full names, home addresses, email addresses, dates of birth, phone numbers, Aadhaar numbers, and even bank account details — all of which are highly sensitive.
TechCrunch verified the issue by allowing the researchers to access its reporter’s records through the portal. After the issue was confirmed and responsibly disclosed, publication of the story was held until the bug was fixed.
Vulnerability Fixed After Responsible Disclosure
According to the report, the security bug in India’s income tax portal was resolved by October 2, following communication with the tax department. While the Indian Income Tax Department acknowledged receiving TechCrunch’s request for comment, it did not provide specific responses before publication.
The decision to hold the story until confirmation of a fix reflects responsible reporting practices, prioritizing public safety over speed.
‘Extremely Low-Hanging’ Bug Led To Widespread Access
The security researchers described the flaw as “extremely low-hanging,” meaning it required minimal technical skill to exploit. They discovered it while filing their own income tax returns on the government website.
Residents of India are required to file annual income statements using their Permanent Account Number (PAN), which uniquely identifies each taxpayer. During this process, the researchers found that logging in with their PAN credentials allowed them to access data belonging to any other registered user.
Growing Concerns Over Government Data Security
This incident has renewed debate about how government digital infrastructure handles citizen data. India’s digital services have rapidly expanded, but repeated lapses — from Aadhaar-related leaks to health data breaches — continue to erode public trust.
The exposure of such sensitive details could have led to identity theft, financial fraud, or phishing attacks if exploited by malicious actors.
Government’s Response And The Road Ahead
While the security bug in India’s income tax portal has been fixed, the episode underscores the urgent need for stronger cybersecurity audits and transparency within government tech systems. Experts suggest implementing regular third-party security testing, public vulnerability disclosure programs, and faster incident response mechanisms.
As India pushes further into digitizing governance and citizen services, data privacy must become a top priority. Citizens entrust the government with their most personal information — and protecting it should be non-negotiable.