A serious security vulnerability in India's income tax filing portal was identified by researchers Akshay CS and 'Viral,' who discovered that logged-in users could access sensitive personal and financial data of other taxpayers. This flaw, known as an insecure direct object reference (IDOR), allowed users to manipulate their Permanent Account Number (PAN) in network requests to view others' information, including names, addresses, and bank details. The Indian Income Tax Department has since fixed the issue, but the potential exposure of data for over 135 million registered users raises significant concerns about data security. The researchers alerted India's computer emergency readiness team (CERT-In) shortly after discovering the flaw, but the timeline for the fix was unclear. The incident highlights the need for stronger security measures in government systems to protect sensitive information.