VIJAYAWADA: Incidence of sensitive public data being mishandled on state government websites continues unabated, indicating that departments with vulnerable portals don’t seem to have gotten their act together.
This is evident from the fact that only 80 of the close to 320 websites with vulnerabilities were fixed after an audit by the IT Department in May. A top-ranking official from the department told TNIE, “We have audited about 320 portals of the state government under the ap.gov.in domain and sent reports to the respective departments which maintain them. So far, only 80 of them have responded saying they have fixed the issues we spotted. We will audit the 80 websites again to see if there are any new vulnerabilities.”
In addition to this, the State government maintains 800 more websites under different domains that are yet to be audited.
The IT Department has instructed the Andhra Pradesh Cyber Security Operations Centre (APCSOC) to audit all websites to find if any of them contain sensitive public information which is not secure. Mishandling of data AP government portals began coming to light in March when cyber security experts started pointing out loopholes in them. Sensitive data pertaining to MNREGS workers, housing scheme beneficiaries, people who bought medicines from State-run Anna Sanjivini generic stores and others were freely available on certain government websites. The vulnerabilities were plugged after independent cyber security researchers flagged the issue.
Interestingly, IT Department officials claimed to have known about the potential attacks way back in January. “We knew that independent researchers would point out loopholes in our websites two months before the reports of leak began. We immediately informed the departments concerned to plug the loopholes too, but they did not. Audits will serve their purpose only if departments plug the vulnerabilities soon after we point them out” an official said.