After an attempt to issue cards for online admission exam, Delhi University (DU) accidentally exposed Aadhaar numbers and some bank details of thousands of students, mentions a local media report.
The incident is still being investigated, although DU management has been unable to stop the leakage of this data, which would have begun on July 4. It should be noted that an Aadhaar number is a 12-digit key issued by the Indian authorities for the verification of citizens’ identity.
Last July 2, students began reporting that the university’s online admission card system allowed access to each admission card by anyone who had access to a student’s name, list number, and university code, details that were available to the public on the grade sheets uploaded on the DU website.
Upon access, the cards revealed the students’ phone number, address, email address and Aadhaar key. A member of the university’s IT department mentioned that the information exposed may be used to get more details about the affected students. According to Karan Saini, a cybersecurity specialist, this data breach is a sign of the displeasing way academic institutions handle sensitive employee and student data.
During the third week of June, the University issued a statement informing that it would send a link to its various locations so that students could download the admissions card for the July exam. In the first days of July, a notification with the link began to circulate in WhatsApp student groups.
When students began using the UG admission card link to log in and access their cards, they discovered that the process does not require additional authentication, so anyone could access these cards using only the student’s name, registration number and university code, public information available on the DU website.
After accessing, the cards revealed the phone number, email address, address, and Aadhaar key, among other data of the university students.
Two LLB students at campus law center noticed the July 2 data leak and began complaining about the incident via Twitter. After the news went viral, the DEan of DU mentioned that the reactions of those affected were exaggerated, although the university pledged to stop the leak.
The worst thing about it is that the incident has not been contained by YOU, which means that more and more students are exposed to malicious actions arising from the leaking of their confidential data. The Indian authorities have already intervened in the process, although the full scope is still unknown.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.