The Andhra Pradesh government has been leaking the personal data of more than 23,000 farmers who have received subsidies from the Andhra Pradesh Medicinal and Aromatic Plants Board, reported HuffPost India. The organisation encourages the growth of Ayurvedic medicines in the state; the subsidies are offered to farmers and tribals – and all their personal data is available on an open database on an Andhra Government portal.
The portal has been leaking farmers’ phone numbers, Aadhaar numbers, father’s names, passbook and bank account numbers, and the district and mandal where they live – all this information by entering their phone number in the database.
The information is available with a click and can be downloaded as an Excel Sheet. This leak appears to the most vulnerable among all the Andhra government leaks. To access any data from previous leaks, one had to search for the information on dense portals. In this case, detailed information is available with a simple search by entering a phone number.
Karan Saini, a security analyst and consultant told HuffPost that the various government departments are generally unresponsive when breaches like this are brought up. “Lack of outreach is an issue with all of these organisations,” said Saini. “NCIIPC is the only one that can even be found by someone looking at the surface. [These organisations] are hard to get a response from.”
One reason for this is that there is no official system of accountability in the government when it comes to data leaks, said Srinivas Kodali, a security researcher who reported the leaks in June.