Government blocks websites exposing sensitive personal information
- In Reports
- 02:43 PM, Sep 27, 2024
- Myind Staff
The Indian government has blocked several websites that were found to be exposing sensitive personal information, including Aadhaar and PAN card details of citizens, according to an official statement released on Thursday. The action came after the Indian Computer Emergency Response Team (CERT-In), which operates under the Ministry of Electronics and Information Technology, identified security flaws on these websites.
The leak of personal information poses a significant risk, making individuals vulnerable to online scams. Last week, a cybersecurity researcher reported that officials from Star Health Insurance sold data belonging to 3.1 crore customers. The hacker created Telegram bots to access the data of over 31 million customers and claims made by about 5.7 million individuals.
The Ministry emphasised that protecting personal data and ensuring safe cyber security practices is a top priority for the government. "The Ministry has noticed that some websites were leaking sensitive information such as Aadhaar and PAN card details. This issue is being taken very seriously, and prompt action has been taken to block these websites," the statement said. The Unique Identification Authority of India (UIDAI) has also filed a complaint with the police regarding violations of the Aadhaar Act, which prohibits the public display of Aadhaar information.
According to CERT-In, the analysis of these websites revealed significant security vulnerabilities. The owners of the affected websites have been advised on how to improve their ICT (Information and Communication Technology) infrastructure and fix these issues.
The statement did not specify the names or number of websites that were blocked, but an online search revealed several sites exposing personal details of citizens, including Aadhaar numbers, PAN card information, and driving licenses. Notably, these websites continued to function even after the government issued its statement.
MeitY has also highlighted the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, which prohibit the publication and disclosure of sensitive personal data. If individuals are adversely affected, they can file a complaint with the Adjudicating Officer under the IT Act for compensation. IT secretaries of various states serve as adjudicating officers in these cases.
An email conversation video revealed the email ID of a senior company official and showed discussions between the hacker and the official regarding a deal. Initially, the deal was set for $28,000, but the official later demanded $150,000, claiming he needed to pay senior management for allowing the data leak to continue.
Comments