Delhi Jal Board Website Flaw Exposes Millions to ₹10 Crore Scam Spree
New Delhi, India – June 21, 2025 – A critical vulnerability on the Delhi Jal Board’s (DJB) official website has become a goldmine for cybercriminals, exposing the personal data of potentially millions of residents and fueling a widespread scam that has already siphoned off at least ₹10 crore in just four months. Police investigations reveal that a seemingly innocuous feature, the “Know Your KNO” portal, is inadvertently acting as a data harvesting tool, providing fraudsters with the ammunition they need to impersonate DJB officials and defraud unsuspecting citizens.
The “Know Your KNO” portal, designed to help consumers identify their 10-digit water connection identifier (KNO), allows anyone to input a partial address – as little as 10 characters – and gain access to a treasure trove of sensitive information. This includes residents’ full names, complete addresses, mobile numbers, and the unique KNO numbers, which can then be used to retrieve individual bill details.
With an estimated 2.9 million water connections across Delhi potentially exposed, fraudsters are exploiting this loophole with alarming efficiency. They contact victims with urgent threats of water connection disconnection, leveraging the precise personal and bill details gleaned from the website to establish credibility. Once trust is established, they direct victims to malicious links or trick them into installing fraudulent mobile applications, ultimately leading to significant financial losses.
A Growing Cybercrime Epidemic:
This particular scam now accounts for a staggering 20% of all cybercrimes reported in Delhi, a concerning statistic highlighted by multiple police station house officers across the capital. Cyber officials report that the National Cybercrime Reporting Portal (NCRP) receives at least 5,000 complaints from Delhi each month, with over 700 directly related to DJB fraud. While FIRs are currently limited to 100-200 due to issues like duplicate complaints or incorrect information, the actual number of victims is likely much higher. Police estimate that at least 100 individuals fall prey to this scam every month.
Laxman Agarwal, a 52-year-old resident of RK Puram, recounted his harrowing experience of losing ₹38,000 in May. “The accused sent a message saying my DJB connection will be cut off tonight as my metre reading was not updated,” he explained. “He knew my address, my phone number, my KNO number and meter status. He said the pending amount was ₹12.”
Similarly, a businessman from Vasant Kunj, who requested anonymity, lost over ₹1.5 lakh. “The message said my connection would be disconnected in three hours. It’s summer and losing water connection was scary,” he admitted. “In less than an hour, ₹1 lakh was withdrawn from my two bank accounts.”
The scammers typically initiate contact by claiming small, seemingly innocuous pending amounts – often as low as ₹12 – to avoid suspicion. However, once victims engage and follow the instructions to download malicious applications or click on compromised links, they often lose significantly larger sums, usually ranging between ₹20,000 and ₹50,000, according to a police inspector in the south range.
Police Action and DJB’s Response:
Deputy Commissioner of Police (Southwest) Amit Goel confirmed the escalating scale of the scam, noting a surge in complaints over the past four to five months. “The scale of the scam is growing as multiple gangs are misusing data from DJB and targeting unsuspecting victims,” Goel stated. On June 2, police successfully apprehended three individuals from Jamtara and Deoghar in Jharkhand, notorious hubs for cybercrime. Analysis of their devices revealed their involvement in 35 additional cases, with one mobile number alone linked to targeting 14 victims.
Despite police repeatedly writing to the DJB and issuing social media warnings, the cases continue to mount. A deputy commissioner-level officer, who preferred to remain anonymous, expressed frustration, “DJB should either restrict access or do something.” Even senior officials are not immune; a senior IAS officer in Kidwai Nagar recently received a similar scam message regarding a ₹12 pending amount. Recognizing the caller’s number was “active in Jharkhand,” he wisely avoided falling victim.
On June 3, the DJB issued a social media advisory urging consumers to remain alert against individuals falsely claiming to be from the utility. “It has been brought to the attention of DJB that its consumers are being contacted through mobile calls/SMS/WhatsApp messages by individuals falsely claiming to be from DJB,” the advisory stated.
However, a DJB official, speaking anonymously, stated that there are no immediate plans to modify the vulnerable portal. “Since June, we have been spreading awareness about the scam through press releases, ads, social media and other platforms. At present, we are asking all our customers to call us and not fall prey to any of the calls or messages. We don’t cancel any connection through messages. Also, people can check any meter update on our genuine website. For now, we are not making any changes to the website because people want to know the KNO and can’t come to our office all the time,” the official explained.
Expert Concerns and the Way Forward:
Dr. Pavan Duggal, a renowned cybersecurity expert, emphasized the broader implications of such vulnerabilities. “These cases are happening as cybersecurity loopholes are being exploited by fraudsters. This is not limited to DJB but multiple government portals,” he stated. Dr. Duggal stressed the urgent need for robust cybersecurity systems across all government platforms. He also highlighted that openly providing such extensive personal details of customers is a potential violation of IT rules and regulations. “The fraudsters are using the loophole to scam people. The system will have to be amended in a manner that effective remedies are provided to citizens, improved cybersecurity of government portals are in place, and people need to be encouraged to improve cyber safety on their own,” he concluded.
The alarming rise in these scams, facilitated by a glaring data vulnerability, underscores the critical need for a comprehensive and immediate response from the Delhi Jal Board. While awareness campaigns are crucial, a more proactive approach to securing sensitive customer data and patching system loopholes is paramount to protect Delhi residents from becoming the next victims of this escalating cyber fraud.
