We respond to the Ministry of Electronics and Information Technology’s Draft Data Access Policy. The policy raises serious privacy concerns due to its perverse economic incentives on data sharing.
tl;dr Sai Sravan Prabhala, a cyber-security researcher, informed us of a critical vulnerability exposing the sensitive personal information of minors. This existed on the website of the Directorate of Government Examinations, Government of Andhra Pradesh’s for the 2021 examinations. While this functionality itself has been removed, to prevent it from occurring again assisted by Sai, we have written to them and CERT-In. Background On 22nd December 2021, cyber-security researcher Sai Sravan Prabhala reached out to us, to bring to our notice a vulnerability in the Andhra Pradesh Directorate of Government Examination website which put the sensitive personal information of minors at risk of misuse....
A vulnerability in the ECI’s National Voters Service Portal website was exposed by an independent security researcher in December last year. The vulnerability allowed access to un-redacted, registered phone numbers of voters. The vulnerability was eventually patched by the ECI IT team.
Data breaches are now becoming increasingly common. In a scenario like this, it becomes really important to learn not only how you can protect yourself, but also the measures you can take if your data is leaked in a data breach.