In recent months, Delhi Police have been investigating an incredible case where cybercriminals stole EPR credits by hacking into the Central Pollution Control Board (CPCB) portal. These criminals transferred 10,244 tonnes of Extended Producer Responsibility (EPR) certificates, worth several crores, to unauthorized beneficiaries. While similar incidents have happened in Western countries, this is the first reported case in India. The police are still waiting for access logs and IP addresses from the CPCB server to move forward with the investigation (The Hindu and Times of India).
How the Theft Was Discovered
The theft was uncovered a few months ago when some Producers, Importers, and Brand Owners (PIBOs) found their login credentials had stopped working. Investigations revealed that their access details for the centralized portal had been changed, and their certificates had been transferred to other companies. After raising the issue with the board, a CPCB director approached the police, and an FIR was registered.
Initial investigations suggested that the hacking occurred between December 18 and 20 last year. “This was the last day for PIBOs to submit their annual report,” said a board official. Technical investigations indicated that the beneficiaries included at least six firms or PIBOs and two intermediaries.
A senior official of the CPCB, explained that fake certificates were a result of “teething issues” because this was the first full year since the scheme was implemented and that there could have been a “lack of clarity” among recyclers on the mechanics of the scheme.
“This is a paradigm shift. All these years, companies had no mandatory targets and were alien to the concept of an online tracking system that showed how many certificates were generated and traded. While we are aware of the problem, it is akin to – say the early years of implementing GST (Goods and Services Tax) or filing Income Tax returns online. We will be keeping a track of EPR-filings by companies and in case of suspicious filings, we will be keeping a hawk’s eye. Errant companies will face heavy fines,” -CPCB Official
The recent theft of EPR credits from the CPCB portal is a reminder of the vulnerabilities in our systems. It highlights the need for robust cybersecurity measures and a transparent, reliable EPR process.
If you have any questions or need assistance with EPR registration and compliance, please reach out to us.
Disclaimer: Above content does not constitute any legal advice and is only provided for educational purpose.
Climeto Sustainable Services Private Limited is an environmental consultancy. If you need any more information on the above you can contact us:
For Business Enquiry : business@climeto.com
For General Enquiry: info@climeto.com
Reach directly via call: +91 9039946410