Digital services have made everyday tasks from banking to tax filing easier than ever. But with that convenience comes a serious responsibility: protecting user data.
In a country where millions rely on government portals for sensitive transactions, even a small technical flaw can have serious consequences. People trust these systems believing their personal information is protected by the highest security standards.
That trust was shaken when security researchers discovered a major vulnerability in India’s income tax e-filing website. The flaw, known as an Insecure Direct Object Reference (IDOR), allowed any logged-in user to access another taxpayer’s details by simply changing the PAN number in a request.
The exposed data included full names, Aadhaar numbers, addresses, phone numbers, emails, and even bank account details. With over 135 million registered users, including individuals and companies, the risk was massive. It’s still unclear whether anyone exploited the loophole before it was fixed.
Although the bug was patched by early October, officials have not disclosed how long the flaw existed or if any data was stolen. That silence has raised serious questions about transparency and accountability.
Identity theft is not a distant threat it can cause severe financial and emotional damage. This incident highlights the urgent need for regular independent security audits and clear public communication whenever vulnerabilities are found.
Citizens deserve more than digital access; they deserve confidence that their data is safe and their trust protected.
