HYDERABAD: Over 18,000 files and documents containing sensitive information of English and Foreign Languages University (EFLU) students have been sitting online, just a Google search away, for the past three years. The files contained copies of documents the students had submitted at the time of admission, such as Aadhaar cards, voter IDs, ration cards and even the first page of bank passbooks, which contains the account number and other details. The site that contained the students' data was taken down after Express reached out to the university vice-chancellor and alerted him about the leak. The students reached out to the EFLU vice-chancellor on Tuesday and expressed their concerns over the issue.
The website was a sub-domain of the main EFLU website and the directory of the link also granted access to bank statements of a few students. The vulnerability was exposed, yet again, by French security researcher Robert Baptiste. It was a response to UIDAI’s claims that publication of Aadhaar details by “some people have absolutely no bearing on UIDAI, not at least on Aadhaar security.” Tweeting from its official handle on Sunday the UIDAI had also said that, “If anybody, without authorisation, publishes someone’s personal information such as Aadhaar card, passport, mobile number, bank account number or his photograph, he can be sued for civil damages by the person whose privacy right is infringed.”
Responding to UIDAI’s assurance, Robert Baptiste tweeted the link that contained data of EFLU students. The data contained pre-admission documents from 2015 to 2017. Some of the Aadhaar data was not even that of students, but of prospective ones who had applied to the institution. Express reached out to the EFLU vice chancellor E Suresh Kumar and alerted him about the data leak.
“We have to look into this, our online support is done by Verity Solutions. There has been a data breach on their end. They have already started taking the necessary action. Students should not panic, we have taken steps to protect their data,” said the vice-chancellor. The university had in 2017 attempted to make Aadhaar mandatory for admission, but the decision was later revoked. Aadhaar has been made mandatory by the university again in 2018.
Speaking to Express, Baptiste said his only intention was to make UIDAI admit to security flaws and take necessary action. “The Supreme Court had just last week made seeking Aadhaar for educational institutions, optional. Their data could be stolen and be used for opening bank accounts and sold in the dark web. There is no need for schools and universities to collect student Aadhaar data, these institutions are not well equipped to handle such sensitive information,” said an Indian security researcher.
EFLU students anxious; to meet admin today
Hyderabad: EFLU students panicked on hearing reports of the data leak. They included a few who had only applied to the university but not taken admission. “I had applied for a Korean language certificate course in 2016 but never took it up. I cannot believe my Aadhaar, SSC and inter certificates are out in the open for anyone to access,” said a 22-year-old whom Express contacted after finding her name on the list. “Where can I complain and how can I get the data removed?” she asked.
The students on campus, after coming to know of the developments, contacted the university’s Student Union (SU) to share their anxieties. The student representatives said they had contacted the EFLU administration to inform it about the data leak and that they will officially take up the issue with the administration on Wednesday. The students, who requested anonymity, said that the university made Aadhaar data mandatory for admission in 2017. The EFLU Students Union (2017-18) president Maitri Das said that the university’s administrative officials had reacted positively and assured them that stricter online measures will be taken.