New Delhi: A database of the Central Industrial Security Force (CISF), comprising details of internal documents of the organisation and personal records of thousands of serving personnel, was available online for many days for anyone online to access them due to data security lapse, TechCrunch has reported.

According to Shodan, a search engine for exposed devices and databases, the database was first found to be exposed on March 6. After realising that the database was not secured with a password for days, Haltdos, the company which provides CISF with network security technology, finally confirmed that the database and security appliance were no longer online. Haltdos called the lapse a "serious security incident".

The security breach first came to light when a security researcher from India found the database, packed with network logs generated by a security appliance connected to CISF’s network, could be accessed without any need for a password. This meant anyone on the internet could access the logs from their web browser.

The logs contained detailed records of the files on the CISF network which were either open to all or blocked based on security rules. Those logs contained full web addresses of documents stored on the network, including more than 246,000 web addresses of PDF documents on CISF’s network. Many of these relate to personnel files and health records, and contain personally identifiable information of CISF officers. Some of the files were dated as recently as 2022.

In the past, some government institutions in India have silently fixed security issues when good-faith security researchers raised an alarm. But, more often than not, the government either rebuffs or fully denies the claims of security breaches when they come into the public domain.

As for the CISF, it is one of the Central Armed Police Forces in India providing security services to over 300 industrial units, government infrastructure projects, facilities and establishments located all over the country. It has more than 1,60,000 members, making it one of the largest police forces in the world.

The Wire is now on WhatsApp. Follow our channel for sharp analysis and opinions on the latest developments.