Earlier in July, the Andhra Pradesh government announced a new government incident reporting portal called Andhra Pradesh Computer Response Team (APCRT) which it is will go live in about a week. After the multiple breaches were reported in June, the Andhra Pradesh government ordered an audit of all government websites (which for the record, is 1200 websites) and said the state will set up a portal Andhra Pradesh Computer Response Team (APCRT) to report such vulnerabilities and breaches.

Andhra’s many leaks

Throughout June, breaches containing troves of data identifying individuals were reported. Here’s a look at what data was vulnerable.

  • An unsecured AP government portal exposed the names and numbers of all the people who had purchased medicines from the government-run generic medical stores — Anna Sanjivini Stores. The leak contained logs of Order ID, the Store Operator ID, Customer name, Customer phone number, details of the medicines, and the money paid, for each order. Details of people who had purchased Suhagra, a generic version of Viagra (a drug used to treat erectile dysfunction) were leaked as well.
  • It emerged that a state government portal which tracked ambulances in real-time was vulnerable and could be accessed by anybody with an internet connection. The portal was monitoring the movement of these vehicles and had sensitive information about the patient — such as the pick-up point, why the ambulance was called, and the hospital to which the patient was taken. Such knowledge and data gathering also raised concerns over the kind of data collected by state governments.
  • Details of up to 4.5 crore citizens — right from their phone numbers, insurance status, and home addresses — were exposed on a state government portal, accessible with only an Aadhaar number. All the data collected under Praja Sadhikhara Survey or Smart Pulse Survey, which is an extensive database of socio-economic and demographic data of citizens and seeded with Aadhaar, was open for access.

Read all our coverage of Andhra Pradesh data leaks here.