Government blocks websites that disclose confidential data like Aadhaar and PAN of citizens

According to an official statement released on Thursday, the government has taken action to block several websites that were exposing sensitive personal information such as Aadhaar and PAN card details of Indian citizens. This decision followed the identification of security vulnerabilities by the Computer Emergency Response Team of India (CERT-In), which operates under the Ministry of Electronics and Information Technology.

“It has come to the attention of MeitY that some websites are disclosing sensitive personal information including Aadhaar and PAN card details of Indian citizens. This has been taken seriously as the government gives utmost priority to secure cybersecurity practices and protection of personal data. In this regard, immediate action has been taken to block these websites,” the statement said.

The Unique Identification Authority of India (UIDAI) has filed a complaint with the relevant police authorities for violating the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, which prohibits public display of Aadhaar information.

“The analysis of these websites by the Computer Emergency Response Team of India (CERT-In) has highlighted some security vulnerabilities on these websites. The affected website owners have been advised on the measures they need to take to strengthen their ICT infrastructures and address the vulnerabilities,” the statement said.

MeitY prioritizes cybersecurity and data protection

The Ministry of Electronics and Information Technology (MeitY) has introduced the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, which prescribe non-publication and non-disclosure of sensitive personal information. Under these rules, any person adversely affected by disclosure of personal data can file a complaint and seek compensation from the Adjudicating Officer of the IT Act. State IT Secretaries are empowered to perform this function.

MeitY also highlighted that the Digital Personal Data Protection Act, 2023 has already been passed and the regulations under it are in the final stages of drafting. However, the official statement did not disclose the names or number of blocked websites. Despite government action, a simple search revealed that several websites were still leaking sensitive personal data such as Aadhaar, PAN card and driving license information of citizens. Data leaks like these make individuals vulnerable to online fraud. Last week, a cybersecurity researcher claimed that Star Health Insurance officials sold the data of 3.1 crore customers. The hacker is said to have created Telegram bots to access 31,216,953 customer records updated till July 2024 and 5,758,425 claims available till early August. In a video, the email ID of a senior Star Health official was revealed, showing a negotiation between the hacker, identified as xenZen, and the official. The amount was initially set at $28,000, but the official later demanded $150,000, stating that part of the payment would have to be passed on to senior management to maintain the data breach. Star Health Insurance has since filed a lawsuit against the hacker, Telegram, and other parties involved.

Contributions from PTI