HYDERABAD: In a big data security breach, Andhra Pradesh panchayat raj department has put up property registration documents with biometrics, including fingerprints, collected while granting building permissions and scanned copies of Aadhaar cards of 65 lakh house owners on their portal —pris.ap.gov.in — without taking cybersecurity safety measures.

French security researcher Baptiste Robert , who goes by the Twitter handle, Elliot Alderson, and recently exposed vulnerabilities in TSPost disbursement portal and BSNL database, tweeted on Wednesday that panchayat raj department leaked 4,769 files in an open directory, including biometric data, scanned copies of Aadhaar cards and property registration documents. “This data is not coming from Aadhaar database, but you have to admit there is an issue here when even a governmental website is not able to handle personal data of citizens correctly,” he tweeted.

The French tech whiz also tweeted how the government website was brought down after his tweet. “Seven hours after my tweet, they replaced http://pris.ap.gov.in/bpl/uploads/ with a blank page. You don’t even know how to fix this issue. The documents are still accessible.”

When asked about it, AP panchayat raj department principal secretary S Jawahar Reddy told TOI: “PRIS has database of 65 lakh house owners of gram panchayats. We have collected dimensions of houses and other data to plug leaks on in-house tax collection in villages. The biometrics may have been taken by the researcher from land registration documents. I was told by the staff they took thumb impressions while granting building permissions. The system is in working stage and not stabilized. We are fixing the vulnerabilities.”

Chief information officer Srinivas Rao told TOI, “The panchayat raj department tax portal is still in pilot project stage. The staff is working on fixing mistakes. The site was hosted by a private agency. We have asked them to host it in state government data centre in Hyderabad. Orders were issued to all government departments to host sites only with the state data centre as it is secure.”

A security researcher on anonymity told TOI, “As AP is trying to implement 100% Aadhaar seeding with all departments and creating databases of Aadhaar copies and other data in almost all government departments, data leak has become routine.”

