Nearly a month after The Cyber Express exposed a data breach in the digital assets of India’s Telangana State Police, the cops have restored services for the public on their official website.
The Telangana Police data breach came to light in June when their Hawk Eye app, a popular citizen-friendly crime reporting app and TSCOP app, an internal crime detection app of the state police, were reportedly compromised. As a fallout over the twin data breaches, the Telangana Police shut down public access to the official department website, citing maintenance.
The police also arrested a 20-year-old hacker who was responsible for the data breaches. In their report, the Telangana Police acknowledged that the news report on The Cyber Express gave them crucial leads that led to the arrest of the hacker.
Telangana Police Website Access Restored
The Telangana State Police website offers a variety of services to citizens, such as checking the status of their complaints and traffic tickets, making payments online, obtaining a police verification certificate for applying for a job or a passport, reporting stolen or lost mobile phones, reporting cybercrimes, and finding contact information for emergency services in the State.
All the above services were suspended by the police for almost the entire month of June because of the data breach. On June 30, 2024, the Telangana Police wrote a post on X informing the public that services have been restored.
“Access the Telangana Police services online! Visit **http://tspolice.gov.in** to report complaints, grievances, or concerns,” the police wrote in the post.
The post added that citizens could now directly download FIRs from the website. FIR, or the First Information Report (FIR), is a written document prepared by the police in India to detail a cognizable offence.
Improved Security Checks on Telangana Police Website
When the Hawk Eye app data was breached on May 31, the hacker threatened to leak sensitive data of over 200,000 citizens, including their Personally Identifiable Information (PII), names, email addresses, phone numbers, physical addresses, IMEI numbers, and location coordinates.
Days later, the same hacker breached the TSCOP app, which had sensitive data of police officers, criminals and gun license holders in Telangana.
Cybersecurity experts also warned the cops of multiple vulnerabilities that could be exploited.
“It is easy to hack into their system as they used basic authentication and encoding,” India’s popular data security researcher Srinivas Kodali said. He condemned the state police for not hiring proper developers and putting the privacy of several thousand users at risk.
Following the data breaches, the Telangana Police shut down access to the public to the website. The police then initiated a Vulnerability Assessment and Penetration Testing “across all police internal and external networks, web and mobile applications, as well as cloud and endpoints.”
The cops shared that security checks were being carried out to identify and address any weaknesses and to prevent any future breaches.
To ensure that there is an added layer of security on its website, the Telangana Police have now added a security feature of a One-Time Password (OTP) to the registered mobile number once the user has typed in their login credentials.
Despite the police officially declaring that the website services have been restored, many users shared that the services remained inaccessible. Most of the complaints were a 404 error message.
But sources told The Cyber Express that the other digital assets of the Telangana Police were undergoing maintenance and access would be restored in a phased manner after mandatory security checks were completed.