VIJAYAWADA: After the breach of private medical history of the public on Anna Sanjivini website of the State government, Aadhaar details of over 48,000 students were available on another government portal.
However, the vulnerability was plugged on Saturday when cyber security researcher Kodali Srinivas flagged up the issue with the Indian Computer Emergency Response Team (In-CERT) and National Critical Information Infrastructure Protection Centre (NCIIPC).
“Andhra Pradesh has published 48,570 student volunteers’ Aadhaar numbers, who were supposed to conduct #Swachh Bharat surveys in their localities. Aadhaar is voluntarily mandatory for everything (sic),” Srinivas tweeted on Saturday.Even though Srinivas reported the vulnerabilities on June 21, the authorities acted only on Saturday by pulling the website down.
He explained that private data was available on several other domains hosted by the State government.
“The data on the Swachh Andhra Pradesh website was removed on Saturday. Anybody could have easily accessed it. Sensitive data is being published everywhere by the State government, and it has no idea what data it is publishing where,” he told TNIE.
For the record, the IT Department has directed the Andhra Pradesh Cyber Security Operations Centre (APCSOC) to audit all the websites for vulnerabilities in their functionalities and availability of private data earlier last week. While there are close to 320 sub domains under the State government’s primary domain: ap.gov.in, there are 800 more portals belonging to various departments.