wordpress blog stats
Connect with us

Hi, what are you looking for?

Data of 2.4 lakh NEET candidates leaked and available for sale: Report

The phone numbers, email IDs and addresses of hundreds of thousands of applicants who took the National Eligibility and Entrance Test (NEET) in 2018 were available online, for a payment of up to Rs 2 lakh, The Wire has reported.

Neetdata.com, the website in question, has since been taken down. NEET in a medical entrance exam for MBBS and BDS (dental courses) for admission into various private and government colleges throughout the country. The exam is convened by the Central Board for Secondary Education (CBSE) every year.

The website provided the above data of NEET applicants from at least upto 15 states, including significantly larger states such as Maharashtra, Andhra Pradesh, Karnataka and so on. The Wire report clarifies that the website did not offer the entire ‘NEET database’, as over 13 lakh individuals took NEET in 2018, while the data of 2.4 lakh people was available for purchase.

Credit: Internet Archive

The suspended neetdata.com website.

Note that the NEET exam is conducted for MBBS and BDS programmes for students who have passed Class XII. There is a high likelihood that the leak included sensitive personal data of underage candidates, as the corresponding age while appearing for Class XII is usually 17 or 18 years.

According to The Wire, which scoured the database, the website opened with a statement proposing the sale of such data: “Many consultants across India trust us for their database needs. Our database prices will be on the higher prices, no doubt. But YES, because of that reason, limited clients will have access to our database and that gives scope to have good conversions.”

The information available was provided a complete picture of applicants: student name, their NEET score, ranking, complete address, date of birth, mobile number and email ID. This data was available to anybody for a payment. The website also withheld the last three digits of the applicant’s mobile number, which is an incentive to make interested parties pay up for the complete data.

Advertisement. Scroll to continue reading.

Data available for payment

The Wire also cross-verified the data with the applicants and found it to be genuine. The broker offered prices for data: Rs. 2.4 lakh for personal data of 2 lakh applicants.

Possible buyers are training/coaching institutes and private medical colleges which lure students who did not crack the NEET to join their coaching or medical schools. In 2017, there was a similar breach of exhaustive personal data candidates for MBA entrances (CAT, MAT, CMAT and so on) and some engineering and medical entrance tests. According to this Livemint report, some of the buyers in that case were business schools, who try to make the most of students who could not get admission to premier B-schools. The conveners of CAT, an annual competitive exam, are established B-schools such as IIM-Ahmedabad in 2015 and IIM-Bangalore in 2016. These institutions were clueless about the leaks, and said that “even the even the faculty members of IIMs do not have access to it use it.”

Isn’t this illegal?

It is illegal, but not illegal enough.

While Sections 43A and Sections 72A of the IT Act (2008) cover some aspects of a data leak, they are hardly ever used. Section 43A holds the bodies which stores and manages data liable in case of “negligency in implementing and maintaining reasonable security practices.” Section 72A provides for punishment of the agency of intermediary body for disclosure of personal data without consent and/or any breach of personal or sensitive data.

The above provisions have been active since IT Act 2008, but clearly are not enough for protection of sensitive data. A data protection law headed by (Retd.) Justice Srikrishna has been in the works since a year; the report is expected to release later this month.

The plague of data breaches lately

India has been flooded with data breaches from government repositories lately and Andhra Pradesh has come out on top for exposing medical, caste, and geographic data of its citizens. Throughout June, breaches containing troves of data identifying individuals were reported. Here’s a look at what data was vulnerable.

Advertisement. Scroll to continue reading.
  • An unsecured AP government portal exposed the names and numbers of all the people who had purchased medicines from the government-run generic medical stores — Anna Sanjivini Stores. The leak contained logs of Order ID, the Store Operator ID, Customer name, Customer phone number, details of the medicines, and the money paid, for each order. Details of people who had purchased Suhagra, a generic version of Viagra (a drug used to treat erectile dysfunction) were leaked as well.
  • It emerged that a state government portal which tracked ambulances in real-time was vulnerable and could be accessed by anybody with an internet connection. The portal was monitoring the movement of these vehicles and had sensitive information about the patient — such as the pick-up point, why the ambulance was called, and the hospital to which the patient was taken. Such knowledge and data gathering also raised concerns over the kind of data collected by state governments.
  • Details of up to 4.5 crore citizens — right from their phone numbers, insurance status, and home addresses — were exposed on a state government portal, accessible with only an Aadhaar number. All the data collected under Praja Sadhikhara Survey or Smart Pulse Survey, which is an extensive database of socio-economic and demographic data of citizens and seeded with Aadhaar, was open for access.

Read all our coverage of Andhra Pradesh data leaks here.

Written By

I cover health, policy issues such as intermediary liability, data governance, internet shutdowns, and more. Hit me up for tips.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.


When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.


The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.


In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...


By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

You May Also Like


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ