Cyber Incident Victim: Office of the Principal Controller of Defence Accounts
Date: Mar 2015
Location: India
Summary
The official website of the Office of the Principal Controller of Defence Accounts (Officers) was compromised in a cyberattack, leading to potential exposure of sensitive personnel data including login credentials, identification numbers, and personal details. Following the breach, the site remained offline with advisories issued to affected officers to change credentials and be vigilant against phishing attempts.
Description
On March 31, 2015, the official website of the Office of the Principal Controller of Defence Accounts (Officers) (PCDA(O)) at www.pcdaopune.gov.in was compromised by hackers, forcing the site offline. The breach raised concerns that attackers accessed sensitive personal information belonging to military officers, including login credentials and personally identifiable data. The website remained nonfunctional following the intrusion, displaying only a placeholder message confirming salary disbursements had been processed for April 1 and promising restoration. Defence sources confirmed the incident but did not disclose technical details regarding the intrusion method or initial detection mechanisms.

An advisory issued post-incident confirmed the potential compromise of officers' login IDs, passwords, military badge numbers, PAN (Permanent Account Number) identifiers, dates of birth, and commissioning dates. Authorities warned affected personnel to anticipate phishing attempts targeting email addresses registered with PCDA(O) services. The advisory mandated immediate changes to compromised email accounts and instructed officers to re-register credentials once the website resumed operations. While the perpetrators remained unidentified, defence sources noted historical patterns of similar cyberattacks originating from unspecified neighboring nations. No additional technical containment measures, forensic findings, or data recovery timelines were disclosed in available reports. The incident disrupted access to salary-related statements of accounts (SoA) and necessitated a full website rebuild prior to restoring services.
