Family ID fraud: Haryana officials diverted 21,000+ OTPs to manipulate data

In a startling development in the Parivar Pehchan Patra (PPP) portal tampering case, a technical investigation has revealed that six officials of the Citizen Resources Information Department (CRID), posted in Jhajjar and Nuh districts, allegedly diverted over 21,217 OTPs (One-Time Passwords) to their personal mobile phones to manipulate Family ID data.

The finding came to light through a detailed digital forensics report submitted by Arun Mahendru, security analyst at the Haryana Parivar Pehchan Authority (HPPA), to the Jhajjar police. The report has exposed a systematic breach of the official PPP portal’s verification mechanism, potentially carried out in exchange for bribes.

According to police sources, “One CRID official in Jhajjar diverted 5,696 OTPs to two personal mobile numbers. Another received 1,036 OTPs, while two others in the same district diverted 308 and 1,051 OTPs, respectively. In Nuh district, one official allegedly diverted 9,136 OTPs and another, 3,990 to their phones.”

The OTPs are critical to the Family ID modification process. An OTP is sent to the registered mobile number of a family member to validate any change request. However, officials allegedly bypassed this verification by rerouting OTPs to their own phones, allowing them to alter records without the family’s consent.

“This deliberate diversion compromised the entire system’s integrity,” said an investigating official, adding that such actions were aimed at illegally changing family details — possibly for monetary gain.

The fraud first surfaced in November 2024, when Jhajjar police arrested three CRID employees for tampering with the PPP database. Since then, the scope of the investigation has expanded, leading to seven arrests so far, including officials directly involved in the OTP manipulation.

The investigation also revealed attempts to destroy evidence. One of the arrested officials allegedly damaged his CPU — which he had used to access the portal and manipulate the data — intending to erase digital footprints.

Police are now looking into the possible involvement of a larger network of intermediaries or agents, suggesting the scam may go beyond individual misconduct.

Anirudh, ACP Jhajjar, who is leading the probe, said: “The case is being investigated from multiple angles. It would be premature to disclose more details due to the sensitivity of the matter.”