The West Bengal Police Cyber Crime Wing (CCW), tasked with handling highly confidential cyber investigations, was breached. The total service disruption was first reported on July 28, 2025. The data breach led to potential exposure of sensitive law enforcement data. The affected data centre hosted sensitive law enforcement tools like the CAT C5. CAT C5 filters out App-to-App calls (Voice over Internet Protocol, VoIP) for investigations, used statewide for multiple software and internet protocol-related data analysis. The CCW suspects deliberate sabotage beyond the external cyber-attack.
How did the breach happen
The staff from the third-party company managing the data centre reported a ransomware attack supported by discovering a ransom note at the site. All the data and storage were encrypted during the attack. The CCW noted that the private vendor retained exclusive remote access to the data centre during the event. This private vendor was contracted on a tender in December 2023 for installation purposes, which was completed by 2024. It is alleged that, despite repeated requests, the vendor withheld administrative control and access credentials for the data centre.
Several districts reported disrupted VPN connections two days prior to the attack. The breach underscores persistent concerns over outsourced IT infrastructure for critical government functions. It highlights the need for effective vendor management and precise administrative control over sensitive law enforcement systems.
Lapses in Internal scrutiny
The key incidents-
- Lack of Administrative Control: The police failed to intervene and monitor the breach in real time due to the loss of access to systems, after the vendor retained exclusive remote access to them. This happened despite repeated requests and high-level meetings (including July 25).
- Delayed response: Two days before the breach, several police districts reported VPN disconnections and inability to access the CAT C5 application. These disruptions were inadequately addressed.
- Weak vendor oversight: The private company’s explanations for the breach did not convince investigators, signaling a gap in vendor accountability mechanisms.
The data breach has exposed poor vetting of vendors and inadequate checks.
Response to the breach
FIR has been lodged with the Bidhannagar Cyber Crime Police Station for criminal conspiracy, breach of trust, and the IT Act. An investigation has been launched, focusing on whether the incident was ransomware or deliberate sabotage, and is scrutinizing both external and internal actors. There has been no public advisory or notification detailing the specific types of data compromised.
Technical findings remain unknown to determine if investigation records, complaint details, or digital evidence were accessed. The affected systems did contain sensitive case files. Hence, the possibility of exposure of personal data of people who interacted with the CCW cannot be ruled out.
Stay informed about important news affecting your security with Tsaaro Consulting. Visit www.tsaaro.com.
News of the Week
- Miami Jury Holds Tesla Partly Liable in Fatal Autopilot Crash, Awards $243 Million in Damages
Tesla is under intense scrutiny, after the Miami jury found it partly responsible for a fatal 2019 crash linked to its Autopilot feature. The plaintiff was awarded $43 million in compensatory damages for pain and suffering, and $200 million in punitive damages. It was alleged that Tesla’s promotional tactics have created a false sense of security around autonomous driving. The jury agreed that such misrepresentation contributed to pain and suffering of the plaintiff. The recent verdict has highlighted broader criticism from federal agencies like the NHTSA regarding critical safety gaps in Autopilot. The discussion represents a moment of reflection on technology, responsibility and public safety.
- State Police Cyber Crime Wing Hit by Data Breach, Suspected Sabotage Under Investigation.
India’s first AI-powered Anganwadi centre was inaugurated in Waddhamna village near Nagpur, Maharashtra, as part of the state government’s Mission Bal Bharari initiative. This pioneering centre has advanced digital tools such as virtual reality (VR) headsets, AI-enabled interactive smart boards, tablets, and gamified learning software. The project has already boosted enrollment at the centre, and plans are underway to expand this model to 40 more anganwadis in the Nagpur district. This initiative marks a significant step in using AI to revolutionize rural preschool education in India.
- India’s First AI-Powered Anganwadi in Maharashtra.
India’s first AI-powered Anganwadi centre was inaugurated in Waddhamna village near Nagpur, Maharashtra, as part of the state government’s Mission Bal Bharari initiative. This pioneering centre has advanced digital tools such as virtual reality (VR) headsets, AI-enabled interactive smart boards, tablets, and gamified learning software. The project has already boosted enrollment at the centre, and plans are underway to expand this model to 40 more anganwadis in the Nagpur district. This initiative marks a significant step in using AI to revolutionize rural preschool education in India.
- UK’s Online Safety Act raises concerns about free speech.
The United Kingdom’s Online Safety Act has sparked significant debate due to concerns about its potential impact on free speech. The Act aims to make the internet safer for children, requiring platforms to remove illegal and harmful content and implement strict age verification measures. It is being argued that its sweeping provisions risk censorship and infringement of rights. The government insists the law simultaneously protects both safety and freedom of expression. Concerns surround the act’s implementation, which can lead to potential online censorship in one of the world’s leading democracies.
- Nvidia faces scrutiny in China over H20 chip security risk.
In late July 2025, China’s Cyberspace Administration summoned Nvidia executives. They wanted the company to provide convincing proof that the H20 chips do not contain hidden “backdoors” or covert access points that could allow remote monitoring, location tracking, or shutdown of the chips. Now, Nvidia is facing heightened scrutiny from Chinese authorities over potential security risks associated with its H20 artificial intelligence (AI) chips. H20 chips are specifically designed for the Chinese market to comply with U.S export restrictions. Nvidia has firmly denied the existence of any backdoors or remote access capabilities in its chips, emphasizing its commitment to cybersecurity.
- FBI notified over a million Americans data was hacked: Allianz Life Data breach.
Over a million Americans compromised their personal data in a significant cyberattack targeting Allianz Life Insurance Company of North America. Hackers used sophisticated social engineering techniques to gain access to a third-party, cloud-based customer relationship management (CRM) system used by Allianz Life. Allianz responded swiftly by containing the breach within 24 hours, filing disclosure statements with authorities, and notifying federal agencies, including the Federal Bureau of Investigation (FBI). Allianz has begun contacting affected individuals, offering 24 months of identity theft protection and credit monitoring. This incident underscores the growing risk of supply chain attacks and highlights the increasing threat vis third-party service providers to exploit vulnerabilities in organizations.
Source-https://timesofindia.indiatimes.com/technology/tech-news/over-a-million-americans-data-hacked-allianz-life-says-majority-of-customers-data-stolen-fbi-notified/articleshow/122932778.cms
