Cybernews research team has discovered an exposed AWS bucket belonging to India’s Ministry of Housing and Urban Affairs (MoHUA) highlighting a serious lapse in data security and government accountability.
@Freepik
With nearly two million sensitive records — including national IDs, bank statements, and proof of address — left unprotected, this breach presents a substantial risk of identity theft, fraud, and phishing attacks. The prolonged exposure, even months after disclosure, raises concerns about the government’s responsiveness to cybersecurity threats and its ability to safeguard citizens’ personal information.
Government institutions, like private companies, are custodians of vast amounts of sensitive data, making them prime targets for cybercriminals. The MoHUA breach illustrates how poor access controls and misconfigured cloud storage can inadvertently expose millions to exploitation.
Cybercriminals can leverage leaked Aadhaar numbers, phone numbers, and family details for various forms of fraud, from creating fake identities for financial transactions to launching sophisticated phishing schemes. The fact that attackers could impersonate government agencies to deceive victims further amplifies the potential damage.
The failure to promptly address this security lapse not only increases the vulnerability of affected individuals but also erodes public trust in digital governance initiatives. As India continues its push toward digitization and data-driven public services, ensuring robust cybersecurity measures should be a priority. The suggested solutions — restricting public access, enabling encryption, implementing regular security audits, and training employees on data protection — are fundamental steps that should have been in place from the outset.
Beyond the immediate risks, this incident serves as a wake-up call for broader reforms in data protection and cloud security management within government agencies. India’s data governance framework, including initiatives like the Digital Personal Data Protection Act, must be enforced rigorously to prevent such breaches from recurring. In an era where data is as valuable as currency, governments must set an example in securing citizen information, not become a source of vulnerability.
