SUMMARY
Personal data of an undisclosed number of soldiers has been leaked and found open to the public on the defence ministry’s websites
The ministry has ordered a review of security protocols and ordered that information should be available only after secured login
Several websites of the ministry were made unavailable in order to prevent misuse of data
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
After multiple instances of Aadhaar data getting leaked at various levels, now the personal data — names, PAN number, military ID numbers — of an undisclosed number of soldiers has reportedly been leaked and found to be publicly available on the websites of the defence ministry’s pay and account offices located across the country.
In the wake of the incident, the ministry issued strict orders to revise the security protocols of the websites and also asked the concerned departments to furnish action-taken reports to curb the data leak.
The ministry has issued instructions on disclosure of sensitive information to all the concerned departments and has advised them to immediately take down the leaked data and control access to the websites in order to prevent misuse of the data.
The ministry has also advised that information should be made available strictly on “role-based access granted to the user” after a secured login.
The order issued to the concerned departments read, “It is requested that all websites may be reviewed whether any sensitive information is available without secure login or not and a comprehensive report may be furnished.”
Several websites of the ministry, including websites containing data on soldiers of the Para Regiment from a pay office in Bengaluru and the Belgaum-based Maratha Light Infantry pay office, were made unavailable on September 10 in the wake of the data leak.
Official Data Breaches In India
Earlier, in April, the Ministry of Defence’s website was allegedly hacked. The officials had then said that there were Chinese characters on the website, which indicated that China-based hackers were involved in the act.
Since January, final hearings in the Aadhaar case have been going on in the Supreme Court. A five-judge constitution bench of the SC headed by Chief Justice of India Dipak Misra is hearing the pleas. The final hearings came in the wake of a ruling by a nine-judge Constitution bench headed by then Chief Justice of India J S Khehar in August last year that privacy was a fundamental right guaranteed under the Constitution.
Recently, in May, personal data was also leaked via the online portal of the Employees’ Provident Fund Organisation (EPFO). The breach came to light through a letter circulated on Twitter. The letter — entitled ‘Secret’ and dated March 23 — was addressed to the CEO of the Common Service Centre and claimed that hackers had exploited vulnerabilities through aadhaar.epfoservices.com to steal data. However, the officials from EPFO have confirmed that there was no data theft.
A French security expert who goes by the alias of Elliot Anderson also pointed out the weak measures for data security in India after he uploaded website links containing the Aadhaar data of several thousand people on Twitter. He also uploaded a tutorial video showing how one can breach Aadhaar data in a minute.
Further, security researcher Srinivas Kodali revealed data on caste, religion, account number, IFSC code, bank branch, mobile number of nearly 1.34 lakh people from Andhra Pradesh; the data had been leaked via the Andhra Pradesh State Housing Corporation website.
[This development was reported by ET.]
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.