Even as political parties, cutting across party lines, are demanding action against Tech Mahindra in connection with the ransomware attack on the Pimpri-Chinchwad Smart City Project, the Pimpri-Chinchwad Municipal Corporation (PCMC) has said it will not bear the estimated loss of Rs 5 crore.
According to the complaint lodged by Tech Mahindra, which manages the smart city project, servers of Chinchwad Smart City Project fell victim to a ransomware attack. As per the complaint, the attackers have demanded a ransom to be paid in Bitcoins. The attack happened on February 26 and a criminal offence in connection with this has been registered at Nigdi Police Station on March 9.
While the company has lodged a complaint estimating a loss of Rs 5 crore, Municipal Commissioner Rajesh Patil has conveyed to the firm that the civic body will not absorb the costs. The civic body has contended that no sensitive data was leaked. PCMC IT officer Neelkanth Poman told The Indian Express on Sunday: “We are surprised by the police complaint lodged by Tech Mahindra estimating the loss at Rs 5 crore. We believe that they can rework the system and set it right. There is no justification or reason for suffering any loss. PCMC will not pay them anything, we have conveyed to them about this.”
As per officials, configuration of the system is going on at the PCMC Smart City project’s server room, located at Astitva Hall near Nigdi Pradhikaran.
“The ransomware attack happened when the configuration happened. They have encrypted the configuration data. The servers did not have any project data as of yet,” said Poman,
On its part, Tech Mahindra has now contended that though it has filed the complaint estimating the loss of Rs 5 crore, it is not going to seek any compensation from the PCMC but will rework the system.
Sujit Baksi, Head, APAC Business and President, Corporate Affairs, Tech Mahindra, told this paper: “On the morning of 26th February, we were informed about the ransomware attack on PCMC servers. Following which the team briefed the whole situation to the cyber security officials and subsequently filed the FIR with the police. After detailed analysis of the situation in last 10 days, we have come to a conclusion that 25 servers are impacted which need to be rebuilt along with implementation of a robust security system. Though the FIR mentions damage of about Rs 5 crore, which is not for any material cost or data, the only cost would be towards the rework efforts. Our team is monitoring the situation on a regular basis and has also continued the work on rebuilding the environment without touching the infected servers. The servers which were impacted are recoverable and there is no impact of it commercially.”
Meanwhile, political parties cutting across party lines have demanded action against Tech Mahindra and a thorough investigation into the whole affair.
Maval Shiv Sena MP Shrirang Barne said, “This particular cyber attack raises questions about the securty of citizens. There should be a thorough investigation and the guilty should be punished.”
In a letter to the PCMC chief, he wrote: “On one hand Tech Mahindra has claimed that some unknown persons from China, Russia, France and Germany carried out the ransomware attack. On the other hand, it says some unknown persons tried to enter the server and encrypted important data while demanding bitcoins for decrypting the data. The contradictions are clear. There seems to be an attempt to mislead PCMC. There is a possibility of involvement of civic officials in this case. Therefore, there should be an investigation against Tech Mahindra and civic officials who are working irresponsibly. This incident has raised questions whether our data is safe or not especially when we are pumping crores of rupees in it.”
The ruling BJP is also miffed with Tech Mahindra for the lapse and causing a financial loss to the public exchequer. BJP corporator Seema Savale said: “The company has bagged a Rs 525 crore contract of which Rs 15 crore are to be spent on the firewall to secure the systems. The successful attacks shows that proper firewall has not been built by the company for the systems. Also, the company has made several contradictory statements in the FIR to police. It’s clear that it’s trying to hide something,” said Savale, demanding that the contract with the company be scrapped. Savale also said that Tech Mahindra on one hand said attempt was made to enter the server and at the same time, says the attackers entered the server and encrypted the data. “These contradictory and misleading statments should be investigated thoroughly,” she said.
Sanjoy Waghere, president of Pimpri-Chinchwad unit of NCP said,”PCMC has spent crores of rupees on the project. Instead of securing the project, Tech Mahindra is trying to avoid its responsibility by claiming that a theft had taken place. This is a very serious matter vis-a vis security of citizens and calls for a deeper probe. We request the PCMC to investigate the role Tech Mahindra and sub-contractors and punish whoever is responsible.”
– Stay updated with the latest Pune news. Follow Express Pune on Twitter here and on Facebook here. You can also join our Express Pune Telegram channel here.