wordpress blog stats
Connect with us

Hi, what are you looking for?

AP government portal to report data breaches will go live in a week: Report

The Andhra Pradesh government has started taking steps to prevent the leak of citizen’s personal data from government websites; a new government incident reporting portal called Andhra Pradesh Computer Response Team (APCRT) is likely to go live in about a week, reported HuffPost India.

In June, several data breaches and vulnerabilities were discovered by security researcher Srinivas Kodali. It emerged that citizen data relating to medical purchases, ambulance calls, phone numbers, addresses and insurance status were easily accessible to anybody with an internet connection. The data was stored in vulnerable dashboards of the state government portals.

After multiple breaches were reported, the Andhra Pradesh government ordered an audit of all government websites (which is 1200 websites FYI) and said the state will set up a portal Andhra Pradesh Computer Response Team (APCRT) to report such vulnerabilities and breaches.

At the time, K Vijayanand, principal secretary, IT, AP government, said monthly audits will be conducted for all departments to find loopholes in data security and privacy. “We have asked the Andhra Pradesh State Cyber Security Operations Centre (APCSOC) to conduct an audit of all the departments’ websites to identify if any sensitive public data is available on them. Here on, we will audit all the portals for both cybersecurity vulnerabilities and privacy issues. The audits will be done on a monthly basis,” he had said. the government also announced the APCRT portal, which would also have a call centre with ten phone lines meant for use cyber emergencies.

This isn’t the first audit the AP government has conducted. APCSOC was inaugurated in April and began auditing in May. “We started doing security audits in May, and it has been a very time-consuming process,” said V Premchand, Managing Director of Andhra Pradesh Technology Services (APTSL) told HuffPost India. APTSL oversees cybersecurity issues in the AP government and is the authority running APCSOC. “The different departments have their own systems and a lot of the decisions on security have so far been taking place on an ad hoc basis, so one of the first tasks for us was to establish the SOP (standard operating procedure) to be followed. We are now going to do this for privacy along with security.”

Advertisement. Scroll to continue reading.

Sources in the government showed what the APCRT would look like once live, with sections showing the latest security news updates, and advisories for the general public on how to secure their gadgets, aside from a page to report cybersecurity issues with different options for government agencies, organisations, and individuals to make their reports.

What data was leaked? Was it sensitive?

A lot and yes.

Throughout June, breaches containing troves of data identifying individuals were reported. Here’s a look at what data was vulnerable.

  • An unsecured AP government portal exposed the names and numbers of all the people who had purchased medicines from the government-run generic medical stores — Anna Sanjivini Stores. The leak contained logs of Order ID, the Store Operator ID, Customer name, Customer phone number, details of the medicines, and the money paid, for each order. Details of people who had purchased Suhagra, a generic version of Viagra (a drug used to treat erectile dysfunction) were leaked as well.
  • It emerged that a state government portal which tracked ambulances in real-time was vulnerable and could be accessed by anybody with an internet connection. The portal was monitoring the movement of these vehicles and had sensitive information about the patient — such as the pick-up point, why the ambulance was called, and the hospital to which the patient was taken. Such knowledge and data gathering also raised concerns over the kind of data collected by state governments.
  • Details of up to 4.5 crore citizens — right from their phone numbers, insurance status, and home addresses — were exposed on a state government portal, accessible with only an Aadhaar number. All the data collected under Praja Sadhikhara Survey or Smart Pulse Survey, which is an extensive database of socio-economic and demographic data of citizens and seeded with Aadhaar, was open for access.

All these portals were taken down after the breaches were exposed and reported. While the above occurred in June, another was reported in April. Personal information of Eligible Couples, Pregnant Women and Children by the Nutrition and Health tracking system as well as the Reproductive and Child Health department were being leaked from AP government websites. The data was publicly accessed as area wise lists, including the Aadhaar and mobile numbers of the people being tracked. The data published on this site included Aadhaar numbers of women and it tracked their reproductive history from pregnancy to its conclusion – whether abortion, risk status, follow-ups or birth. It also tracked the infants early years and vaccinations.

Read all our coverage of Andhra Pradesh data leaks here.

Advertisement. Scroll to continue reading.
Written By

I cover health, policy issues such as intermediary liability, data governance, internet shutdowns, and more. Hit me up for tips.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.

News

Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.

News

This article addresses the legal and practical ambiguities in understanding the complex crypto ecosystem in India.

News

It is widely argued that the PDP Bill report seeks to discard the intermediary status of social media platforms but that may not be...

News

Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ