A major data privacy scandal has erupted in Telangana, with allegations surfacing that the state’s police app has been sending personal details of hotel guests to an American blockchain company without consent. The TSCOP app, developed during the previous Bharat Rashtra Samithi (BRS) government’s tenure in 2022, has come under intense scrutiny following claims of a significant data breach.
Cybersecurity expert Srinivas Kodali brought these allegations to light on social media platform X, asserting that the TSCOP app had been hacked and was transmitting detailed information of hotel guests in Hyderabad to Zebichain, a US-based cryptocurrency company. “Why are you collecting details of everyone who checks into a hotel in Hyderabad and why are you sending them to a blockchain company — Zebichain?” Srinivas questioned, attaching screenshots of JavaScript repositories that appeared to collect extensive personal data including names, check-in/check-out times, ID proofs, vehicle numbers, addresses, and photographs.
Prominent marketer Mahesh Murthy further amplified these concerns, sharing Srinivas’ post and revealing additional details about Zebichain. In his tweets, Murthy described Zebichain as “a near-defunct crypto company based in California,” and highlighted the firm’s claims in its white paper about having a substantial contract with an Indian state, believed to be Andhra Pradesh, for managing land records. Murthy emphasized the gravity of the situation, estimating that up to one crore names of hotel residents in Hyderabad could have been sent to the US annually, given the city’s 1,100 hotels with an average occupancy rate.
The screenshots posted by Srinivas depicted repository folders labeled with sensitive categories such as ‘Courts and Prosecutions,’ ‘Crime Investigation,’ ‘CCTV Visitings,’ ‘Ganesh Pandal,’ ‘PD Act,’ ‘Rowdy Sheeter,’ ‘Dial100,’ ‘Hawkeye,’ and ‘Personal Services,’ among others. This revelation has raised severe concerns about the security measures and data handling practices of the TSCOP app, widely used by Telangana police for administrative and public safety purposes.
The allegations have sparked a public outcry and concern among privacy advocates, questioning the necessity and legality of a foreign cryptocurrency company accessing such detailed personal information without informed consent. “Serious security breach of citizens. We live in a surveillance state,” commented a user on X, reflecting the growing apprehension among the public.
Despite the mounting controversy, the Telangana police have yet to issue an official statement. According to reports, the police are investigating a separate breach involving the Hawkeye app, but there has been no confirmation or information regarding the alleged breaches in the TSCOP app and the Telangana State Police SMS Service.
The Deccan Chronicle reported on June 3 that stolen data from the Hawkeye app, which includes extremely personal user information, is being sold online for $200 (approximately ₹16,000). This incident has only added to the urgency for a thorough investigation into the TSCOP breach.
As the situation develops, calls for accountability and transparency are intensifying. Privacy experts and citizens alike are demanding answers and immediate action to secure the personal data of Telangana’s residents and ensure such breaches do not recur. The controversy underscores the critical need for robust data protection measures in an increasingly digital world.