Less than a week after The Cyber Express exposed the data breach of a crime reporting app in India’s Telangana State, a hacker has now claimed to have engineered yet another cyberattack on Telangana Police's data. The Thread Actor (TA) has claimed to have carried out the TSCOP App Cyberattack, which is the Telangana Police’s internal crime detection app across all its wings. The massive data breach claims to expose the personal details of police officers, criminals, and gun license holders in Telangana.

Understanding the TSCOP App Cyberattack

TSCOP app was launched on January 1, 2018, to ensure better collaboration and operational efficiency of the police at all levels across the state of Telangana. The app received a boost when it was equipped with the Facial Recognition System (FRS) whereby the police could identify criminals in a few seconds by comparing a suspect's face with lakhs of digital photographs of people, including previous offenders, wanted and those missing stored in the central database. The App was also adjudged the ‘Best IT Project’ in India, for empowering police with information technology. [caption id="attachment_74941" align="alignnone" width="1200"] Source: Telangana Police Website[/caption] The TSCOP App Cyberattack was masterminded by a threat actor who goes by the name “Adm1nFr1end.” The same thread actor was responsible for Telangana Police’s Hawk Eye app data breach last week. The claims of cyberattack on the TSCOP app emerged on June 5, 2024, when the TA posted the alleged leaked data on BreachForums site. According to the TA, the leaked data includes the names, phone numbers and email addresses of police personnel from the Anti-Corruption Bureau, the Anti-Narcotics Bureau, Intelligence, Greyhounds (counter-insurgency wing against terrorists), Home Guards, and a host of other wings of the Telangana Police.

TSCOP App Cyberattack Samples

To substantiate the claims of cyberattack, the thread actor shared a few samples which revealed the phone number, name and designation of police officers. In a few cases, the district and zone of the concerned police officer were also leaked, along with the cop’s IMEI mobile number. But what could be major concern to the police is the leak of data related to criminals who were recently booked. The TA shared samples of offenders who were recently booked, which revealed the operations carried out by the concerned police station, the names, ages, mobile numbers, and addresses of the accused, the date on which they were booked, and in a few cases, the crime for which they were booked. The hacker also shared another sample, which could be of critical concern owing to breach of privacy of citizens. This data breach revealed the names, addresses, voter ids, date of birth and license number of citizens who had applied for a gun license and the reason for holding a weapon.

Experts Site Weak System Behind TSCOP App Cyberattack

When the Telangana Police’s website was hacked last week, cybersecurity experts had warned the cops of multiple attacks in the future. India’s popular data security researcher Srinivas Kodali said, “It is easy to hack into their system as they used basic authentication and encoding.” He condemned the state police for not hiring proper developers and putting the privacy of several thousand users at risk. [caption id="attachment_74951" align="alignnone" width="687"] Source: X[/caption] The Cyber Express has reached out to the Telangana Police, seeking their response on the cyberattack. We will update this story as we get more information. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.