India’s income tax e-filing portal used by more than 135 million people had a major security flaw that exposed taxpayers’ private information, including bank details and Aadhaar numbers, according to a TechCrunch report. The government has since fixed the issue, but not before sensitive data of countless users was potentially left vulnerable.
The flaw, discovered in September by two security researchers, Akshay CS and “Viral,” made it alarmingly easy for anyone logged into the tax portal to access another person’s financial records. All it took was swapping out one PAN (Permanent Account Number) for another in a simple network request. Using everyday tools like Postman or even browser developer tools, anyone could view another taxpayer’s name, address, date of birth, phone number, bank account details, and Aadhaar number — all without authorization.
“This is an extremely low-hanging thing, but one that has a very severe consequence,” the researchers told TechCrunch.
Essentially, the system failed to verify who was allowed to access what data a basic security check known as “access control.” Because of this oversight, the portal left both individuals’ and companies’ sensitive data exposed. The vulnerability was confirmed by TechCrunch and later verified to have been fixed on October 2, after which the report was made public.
India’s Computer Emergency Response Team (CERT-In) and the Income Tax Department were alerted immediately after the flaw was found. While CERT-In acknowledged the issue and said a fix was in progress, it did not specify how long the vulnerability existed or whether any data had been misused.
The e-filing portal handles massive volumes of sensitive information with over 76 million people filing returns in FY 2024–25 alone raising serious questions about how securely taxpayer data is managed. Although the bug is now fixed, experts say it’s a wake-up call for government systems that store critical citizen data.
Even one overlooked line of code, as this case shows, can open the door to massive privacy risks especially when millions of Indians rely on digital platforms to fulfill mandatory financial duties.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
