Data Breach At Bangalore Water Supply And Sewerage Board Puts 290,000 Citizens At Risk: CloudSEK

A critical data breach in the infrastructure of the Bangalore Water Supply and Sewerage Board (BWSSB) has left personal data of over 290,000 city residents vulnerable, according to a report by cybersecurity firm CloudSEK. CloudSEK found that direct root access to BWSSB’s database was found being sold by a cybercriminal for just $500 on underground forums.

According to CloudSEK, access to the database means the attacker could alter, delete, or steal critical records such as payment data, service applications, and citizen grievances.

The discovery raises concerns about the potential for widespread misuse of citizens’ personal information. It also underscores the issue of cybersecurity readiness of public institutions that hold vast amounts of citizen data.

CloudSEK on April 10 identified a threat actor called pirates_gold offering unrestricted access to BWSSB’s database. This access was obtained through exposed credentials and a publicly accessible admin login portal, CloudSEK said.

The threat actor, pirates_gold, has been active since September 2024 and has targeted organisations across e-commerce, healthcare, and finance sectors globally. It has over 39 posts on dark web forums, as per CloudSEK.

The company traced the breach back to a publicly accessible .env file, containing plaintext MySQL credentials, alongside an internet-facing Adminer interface, commonly used for managing databases. These gave the attacker full administrative control, without any need for advanced hacking tools.

The breach illustrates how even basic oversights, like exposed configuration files, can be exploited by threat actors.

The breach could lead to a potential compromise of 291,212 user records, including:

• Full names of citizens.

• Phone numbers.

• Complete address.

• Aadhaar number.

• Email ID.

• Other sensitive application details.

CloudSEK said that the breach could have the following consequences:

• Targeted phishing attacks on citizens using their verified personal data.

• Disruption of essential services, as attackers could manipulate BWSSB’s operational databases.

• Erosion of public trust in digital services offered by civic bodies.

CloudSEK has urged government bodies to adopt proactive threat monitoring, secure coding practices, and strict data handling policies to prevent such breaches. The company said it has notified affected and relevant entities about the breach. It further recommends the following actions:

• BWSSB must assess systems for vulnerabilities and potential backdoors.

• Every exposed or potentially compromised credential must be revoked and replaced immediately.

• Public access to tools like Adminer should be disabled or restricted.