Hackers post NHAI data online, say there’s more
NEWDELHI: Financial records, contract documents, and employee information of the National Highways Authority of India (NHAI) has been posted online by cyber criminals, according to cybersecurity researchers who said the stolen data includes personal identity documents of at least one former chairman of the agency that is responsible for building and maintaining highways in the country. The information was posted online on July 2, two days after NHAI denied sensitive information was compromised. The agency, however, confirmed it had on June 28 been the target of ransomware — a type of cyber attack carried out usually by groups looking to make money.
Details about the leak were shared with HT by Singaporebased cybersecurity firm Cyfirma, which said in its initial assessment that “the data compromised includes tax information, audit reports, passport copies, identity cards, assessment reports, and many other PII (personally identifiable information) and financial records”.
The data was in two files about 1.8GB in size, which the hackers said was 5% of the information they had. The files, seen by HT, included copies of personal identity documents of former NHAI chairman Raghav Chandra, included his passport and government ID card. According to Cyfirma, the hackers used the Maze ransomware, and the leaks may have been meant to force the NHAI to pay a ransom to stop more data from being exposed. “This is how Maze hackers work. They release in batches as they attempt to extort their victims,” said Kumar Ritesh, CEO of Cyfirma, in an email to HT. HT reported the breach on June 29, and NHAI officials at the time denied losing any data. On Thursday, representatives of the agency declined to comment on questions about the new disclosure. “As NHAI is going digital, it is advancing its security posture by adopting world’s best cyber security measures. It is adopting ...tool based user awareness training where user’s IT skill improvement can be monitored and measured,” said Akhilesh, chief GM (IT), of NHAI in response to HT’s questions.