The proprietors of three small-scale IT companies were arrested in connection with the data leak of students who appeared for the Standard 10th and 12th board exams this year, reported The New Indian Express. The arrests come after multiple reports of websites leaking and selling exhaustive personal data of students including their names, addressess, phone numbers, colleges they were studying in, and in some cases pincodes, parents’ names and roll numbers of the exam they appeared for.

The arrested persons are identified as P Praveen Chowdary, owner of Nari Technologies, A Sudakar of IT Acumens which is a web-designing company and Venkat Rao of K Square India Technologies.

According to the report, the leaks emerged when parents of students started receiving “more number of calls from private colleges and institutions, attracting them with various offers and gifts.” The data was found in possession of a database-marketing company and was sold at negotiable prices, according to a leaked audio tape, the report said. The report added that the data was “collected by the School Education department from the students” and further, that the “police could not tell the origin of the breach of data from the government’s database.”

The arrests were made based on a complaint by director of government examinations, Vasunthra Devi, the Central Crime Branch (CCB) of the Chennai city police. The charges were cheating, theft of information and personal data and conspiracy. The police investigation revealed that the trio designed applications to sell student data. TNIE quoted an anonymous senior police officer as saying “Praveen and Sudakar run their companies at Vadapalani and they sold the personal data to Venkat who runs a company at T Nagar. We are further probing how much data they sold and how many other companies are involved and if any government officials are also involved.”

CBSE denied any leak data breach

Last week, the CBSE denied any breach of personal data of 2018 National Entrance Cum Eligibility Test (NEET) candidates saying the allegations “appears to be the handiwork of certain unscrupulous persons with the objective of duping the gullible public. CBSE convenes the NEET and various other nation-wide exams such as Class 10th and 12th CBSE board exams, JEE, among others. The board said that there was “no question of any breach of data or any misuse of data by the CBSE” as all the data of all 1.3 million NEET 2018 candidates was maintained “only in encrypted format with strict security measures with the National Informatics Centre.” Even when CBSE accesses data from the NIC, which hosts data of several government websites, “it does not contain personal details such as mobile numbers, details of identification documents, email IDs, etc.”

Multiple breaches of student data

On July 18, The Wire first reported that phone numbers, email IDs and addresses of hundreds of thousands of applicants who took the National Eligibility and Entrance Test (NEET) in 2018 are available for sale online. The website provided the above data of NEET applicants from at least up to 15 states, including significantly larger states such as Maharashtra, Andhra Pradesh, Karnataka and so on. The Wire report clarified that the website did not offer the entire ‘NEET database’, as over 13 lakh individuals took NEET in 2018, while the data of 2.4 lakh people was available for purchase.

On July 20, MediaNama reported that the website leaking NEET data was just one among the 60 websites leaking student data from all over the country. More than 50 websites were found to be leaking expansive and exhaustive data containing personal information of students including name, phone number, email address, college name, academic qualification, year of passing or the year student is currently studying in and so on. The students in question are from engineering colleges, medical schools, fashion institutes, business schools and even 12th graders.

The data belongs to hundreds of private as well as government colleges from these states. The domains provide downloadable excel sheets containing personal data including full name, phone number, email address, college name and the year the student is in. Large amounts of data leaked was of B.Tech students in their final year, who private colleges and coaching institutions market to, in order to lure them into enrolling in their own institutions for higher degrees.