- Telangana police app allegedly shared hotel guest data with a US crypto firm without consent.
- Millions of names potentially leaked, raising privacy concerns.
- Data breach exposes sensitive information beyond hotel guests.
A cybersecurity expert has raised serious privacy concerns about the Telangana police app, TSCOP. Srinivas Kodali alleges that the app, which was launched in 2022 under the previous government, shared personal information of hotel guests in Hyderabad, including details of their companions, with a US-based cryptocurrency company called Zebichain.
This data sharing reportedly happened without the guests’ consent and raises questions about the security of the TSCOP app, which has also been compromised by a recent hack.
A social media post by cybersecurity expert Srinivas Kodali on platform X has sparked concerns about data privacy and Telangana police app security.
Kodali questioned the police on X, asking why they collect hotel check-in details for everyone in Hyderabad and send them to Zebichain, a seemingly inactive Californian blockchain company. He included screenshots of code repositories, allegedly showing data collection of guest names, check-in/out times, ID details, vehicle numbers, addresses, and even photographs. This revelation, coupled with the recent TSCOP app hack, raises serious questions about data security practices.
“Zebi USA in their white paper claim that they have a large contract with an Indian state — which I deduce to be Andhra Pradesh — for managing land records. How this data can leave government hands, or even India — I do not know.”
Mahesh Murthy, marketer
Expanding on the data privacy concerns, social media user Mahesh Murthy estimated the potential scale of the data leak. Based on Hyderabad’s hotel count, average room numbers, occupancy, and guests per room, Murthy suggests millions (over 1 crore) of hotel residents’ names could have been illegally sent to the US annually.
Further fueling concerns, screenshots shared by Kodali revealed the app’s data repositories contained folders beyond just hotel guest information. These included seemingly sensitive datasets like “Courts and Prosecutions,” “Crime Investigation,” “CCTV Visitings,” and even “Rowdy Sheeter” (habitual offender). This raises questions about the app’s data collection practices and the potential exposure of critical public safety information due to the recent security breach.
Public outcry has intensified following cybersecurity expert Srinivas Kodali’s allegations. Concerns focus on how a foreign cryptocurrency firm (Zebichain) obtained extensive personal details of Hyderabad hotel guests, including companions, without user consent. Privacy advocates highlight the legal and ethical implications of this alleged data transfer.
Adding fuel to the fire, the Telangana police have remained silent on the matter. While investigations into the previous HawkEye app breach are ongoing, there’s no official word on the TSCOP app breach or the compromised Telangana State Police SMS Service. This lack of transparency has fueled public outrage, with social media users like one on platform X expressing concerns about a potential “surveillance state.” Calls for a comprehensive investigation into the entire situation are growing louder.
