HuffingtonPost India reported Andhra Pradesh government leaked personal data of more than 23000 farmers who have received subsidies from the Andhra Pradesh Medicinal and Aromatic Plants Board. The organization offers subsidies to farmers and tribals who indulge in growing Ayurvedic medicines in the state, as part of a promotion drive to encourage the farmers.
The personal data of all these farmers which resides in an open database of Andhra Government portal has been leaked. The leaked data includes farmers’ phone numbers, Aadhaar numbers, father’s names, passbook and bank account numbers, and the district and mandal where they live.
The severity of the attack can be fathomed from the fact that all data can be collected with just an entering a phone number, whereas in other cases it involved entering a number of criteria before one could access the data. Hence the leak appears to be larger than the earlier reported Andhra government leaks.
Speaking to HuffingtonPost Karan Saini, a security analyst and consultant said generally various government departments are unresponsive when breaches like this show up.
He further added saying “Lack of outreach is an issue with all of these organisations. NCIIPC is the only one that can even be found by someone looking at the surface. [These organisations] are hard to get a response from.”
Another security researcher who reported about leaks in June Mr. Srinivas Kodali said there is no official system of accountability in the government when it comes to data leaks.
A similar kind of data leak occurred back in July, where the Andhra Pradesh government announced a new government incident reporting portal called Andhra Pradesh Computer Response Team (APCRT) which will go live in about a week. Repeated breaches were reported in the month of June as a result of which the Andhra Pradesh government ordered the audit of all government websites. There are around 1200 websites that belong to the state. An audit portal Andhra Pradesh Computer Response Team (APCRT) will be setup by the state to report such vulnerabilities and breaches.
There have been a number of data breaches in the recent months, one such incident an unsecured AP government portal exposed the names and numbers of all the people who had purchased medicines from the government-run generic medical stores — Anna Sanjivini Stores.
Lets hope in future with proper auditing of government portal such incidents won’t happen. Please give your comments and suggestions in the comments section below.