New Delhi: The government has blocked several websites found to be exposing sensitive personal information, including Aadhaar and PAN card details of Indian citizens, according to an official statement released on Thursday.
The action was prompted by an investigation conducted by the Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology (MeitY), which identified security vulnerabilities on these websites.
"It has come to the attention of MeitY that certain websites were leaking sensitive personal information, such as Aadhaar and PAN card details of Indian citizens. The government takes such breaches very seriously, as it prioritizes cybersecurity and the protection of personal data. Accordingly, swift action has been taken to block these websites," the statement said.
The Unique Identification Authority of India (UIDAI) has also lodged a police complaint, citing a violation of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits, and Services) Act, 2016, which prohibits the public display of Aadhaar information.
CERT-In’s analysis revealed security flaws on the affected websites, and the site owners have been instructed on how to strengthen their IT infrastructure and fix the vulnerabilities.
MeitY has also highlighted that under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the publication or disclosure of sensitive personal data is strictly prohibited. Those impacted by the breach can file a complaint and seek compensation under the IT Act. State IT secretaries are authorized to serve as adjudicating officers for such cases.
Additionally, the recently enacted Digital Personal Data Protection Act, 2023, is nearing the final stages of rule drafting, aimed at further strengthening data security.
The news follows recent claims by a cybersecurity researcher that officials from Star Health Insurance sold data belonging to over 3 crore customers. The hacker allegedly used Telegram bots to access personal information and company claims data. Initially, the deal was valued at $ 28,000, but was raised to $ 150,000, with claims that higher management needed a share for continued data leaks.
Star Health Insurance has since filed legal action against the hacker, Telegram, and others involved. Such breaches raise serious concerns about the vulnerability of citizens' data to online scams.
(With PTI inputs.)