Sign in

Leak in system: Delhi Jal Board site feature exposes millions to scammers

A Delhi Jal Board website flaw exposes residents' data, enabling scams worth 10 crore as fraudsters impersonate officials and steal money.

Updated on: Jun 20, 2025, 06:08:02 IST
Share
Share via
  • facebook
  • twitter
  • linkedin
  • whatsapp
Copy link
  • copy link

A feature on the Delhi Jal Board’s website has created a vulnerability that potentially allows scammers easy access to tens of thousands of residents’ personal information, which may have enabled frauds worth at least 10 crore in four months, according to police.

With easy access on the website, anyone can access data of DJB users, their mobile phone numbers, their addresses, and KNO numbers. (Representational image)
With easy access on the website, anyone can access data of DJB users, their mobile phone numbers, their addresses, and KNO numbers. (Representational image)

The DJB’s “Know Your KNO” portal, designed to help citizens find their 10-digit water connection identifier, inadvertently functions as a data harvesting tool. Anyone can input a partial address—as few as 10 characters—and access detailed results showing residents’ full names, addresses, mobile numbers, and unique connection numbers (KNOs). These KNO numbers can then be used to get bill details of individual customers.

With 2.9 million water connections across Delhi potentially exposed through this vulnerability, fraudsters pose as DJB officials and contact victims with urgent disconnection threats, using their personal and bill details to establish credibility before stealing money through malicious mobile applications or other means.

The scam now accounts for approximately 20% of all cybercrimes reported in Delhi, according to multiple police station house officers across the capital.

According to cyber officials, at least 5,000 complaints are received on NCRP each month in Delhi. Of these, more than 700 are complaints related to DJB fraud. Police said FIRs are limited to 100-200 as many complainants make double complaints or file wrong information.

“The accused sent a message saying my DJB connection will be cut off tonight as my metre reading was not updated,” said Laxman Agarwal, a 52-year-old RK Puram resident who lost 38,000 in May. “He knew my address, my phone number, my KNO number and meter status. He said the pending amount was 12.”

The method involves convincing targets to visit a malicious link or install an application.

Agarwal downloaded an application file that appeared genuine, complete with DJB logos. “As soon as I put my banking details, it showed an ‘unsuccessful’ transaction. While I was on the call with the accused, he quickly took out money in three transactions. I didn’t even give him an OTP.”

A businessman from Vasant Kunj lost over 1.5 lakh in a similar manner. “The message said my connection would be disconnected in three hours. It’s summer and losing water connection was scary,” he said, requesting anonymity. “In less than an hour, 1 lakh was withdrawn from my two bank accounts.”

The scammers typically claim small pending amounts—often just 12—to avoid suspicion. However, once victims engage, they lose significantly larger sums, usually between 20,000 and 50,000, according to a police inspector in the south range.

Deputy commissioner of police (southwest) Amit Goel said his force has received multiple complaints over the past four to five months. “The scale of the scam is growing as multiple gangs are misusing data from DJB and targeting unsuspecting victims.”

On June 2, police arrested three men from Jamtara and Deoghar in Jharkhand. Analysis of their devices revealed involvement in 35 additional cases, with one mobile number alone used to target 14 victims.

Police estimate that at least 100 people fall victim to this scam in a month, though no collated figure was available. The total losses, an official said, has reached 10 crore over four months.

“We have written to DJB and even issued warnings on social media. However, the cases keep on increasing. DJB should either restrict access or do something,” said a deputy commissioner-level officer, asking not to be named.

A freelance journalist from Inderpuri who lost 8,000 this week highlighted the broader problem: “The biggest issue is that DJB has all the data and anyone can see it.”

Even senior officials are targeted. A senior IAS officer in Kidwai Nagar received such a message on Monday, claiming a 12 pending amount would result in disconnection. He spoke to the person but on learning that the caller’s number was “active in Jharkhand”, he realised it was a scam and did not fall prey to it.

DJB released an advisory and officers shared details of their plan to make people aware of the scam.

On June 3, DJB issued a social media advisory stating: “It has been brought to the attention of DJB that its consumers are being contacted through mobile calls/SMS/WhatsApp messages by individuals falsely claiming to be from DJB... All consumers are urged to remain alert.”

For now, DJB is not planning make changes to vulnerable portal, an official said.

Since June, we have been spreading awareness about the scam through press releases, ads, social media and other platforms. At present, we are asking all our customers to call us and not fall prey to any of the calls or messages. We don’t cancel any connection through messages. Also, people can check any meter update on our genuine website. For now, we are not making any changes to the website because people want to know the KNO and can’t come to our office all the time,” a DJB official, asking not to be named.

Dr Pavan Duggal, a cybersecurity expert, said, “These cases are happening as cyber security loopholes are being exploited by fraudsters. This is not limited to DJB but multiple government portals. We need to have better cybersecurity systems in place to avoid this. Also, giving out all these personal details of the customers openly is in violation of the IT rules and regulations. The fraudsters are using the loophole to scam people. The system will have to be amended in a manner that effective remedies are provided to citizens, improved cyber security of government portals are in place and people need to be encouraged to improve cyber safety on their own.”

  • Jignasa Sinha
    ABOUT THE AUTHOR
    Jignasa Sinha

    Jignasa Sinha is a Principal Correspondent who's writes on Delhi crime, gender and labour.

Catch every big hit, every wicket with Crickit, a one stop destination for Live Scores, Match Stats, Infographics & much more. Explore now!

Stay updated with all top Cities including, Bengaluru, Delhi, Mumbai and more across India. Stay informed on the latest happenings in World News along with Delhi Election 2025 and Delhi Election Result 2025 Live, New Delhi Election Result Live, Kalkaji Election Result Live at Hindustan Times.