Sunday, July 19, 2026

Leaked Aadhaar numbers of 69,83,048 school children reported by a security researcher

Date:

April 27, 2018: Security researcher Srinivas Kodali has reported another leak of Aadhaar numbers, this time, of school going children, along with details of their school, class, medium (language) and date of birth.

Security researcher Srinivas Kodali has reported several leaks of data in the past. Notably the leak of over 130 million Aadhaar linked details last year and the leaks of surveillance enabling data and data of MNREGA workers this week. This isn’t the first time that government websites have leaked data of citizens. Srinivas Kodali has also reported a leak of 500,000 to 600,000 Aadhaar details of children by a Telangana Government website last year. The government has repeatedly denied leaks and breaches of Aadhaar data, including in replies to direct questions in the Parliament: As on date, no incident of data breach has been reported from Central Identities Data Repository (CIDR) of Unique Identification Authority of India (UIDAI). MediaNama’s take Children in India are legally not able to consent, and making the providing of Aadhaar mandatory in schools forces enrollment with the “consent” of the guardian. However, in reality the parent or guardian has no choice but to get the Aadhaar made, so the consent is illusory. This had been a point of argument by petitioners in the constitutional challenge to Aadhaar being heard by a 5 judge bench in the Supreme Court of India. Leaks of information of this sort further compromise the privacy of children and can make them vulnerable to criminals who can use such information.

April 29, 2018: Andhra Pradesh government shuts down 3 sites for data leak

So far, AP government websites have leaked data concerning nearly two crore Aadhaar card holders out of a state population of five crore.

The Andhra Pradesh government finally pulled its act together and shut down pages of three websites leaking sensitive private information of several lakh Aadhaar cardholders, including that of 69.83 lakh students. 

The move comes after repeated complaints over five days to the Unique Identification Authority of India (UIDAI) and the Computer Emergency Response Team (CERT). 

So far, the AP government websites have leaked data concerning nearly two crore Aadhaar card holders out of a state population of five crore.

The Commissionerate of School Education (AP) website had collected information of 69,83,048 students across the state to primarily identify the percentage of school dropouts. 

Related Article:

However, the government website leaked names, addresses and Aadhaar details of those students. Second, the AP State Housing Corporation website was found to be displaying Aadhaar numbers, bank branches, IFSC codes, account numbers, father’s names, addresses, gram panchayat, mobile numbers, ration card numbers, occupation, religion and caste of housing scheme beneficiaries. And third, the Wages & Social Security Pensions (MGNREGA) Benefit Disbursement Portal (AP) put on public display the identity of benefit recipients.

The data leak was identified by independent security researcher Srinivas Kodali, who filed multiple complaints with various state and Central security agencies, and told Deccan Chronicle that AP has no centralised agency to report data breaches, except for a cyber-security website.

“Even the UIDAI does not have a central platform to accept complaints. However, when the issue was raised to multiple agencies including CERT and the National Physical Information Protection Centre, the pages were removed from the websites,” he said.

Apr 7, 2023: Parents of schoolchildren in Bengaluru raise concern over likely data breach

Hundreds of parents in Bengaluru are being spammed with similar messages and calls.

Rahul R (name changed), father of a class 10 student, finds his phone spammed with messages and calls from coaching institutes and PU colleges these days, asking him if he needs information on admissions and leaving him clueless on how the callers got his phone number. He was all the more perplexed because he had neither visited any of those websites nor looked up the Internet for information on them.

Rahul is not alone. Hundreds of parents in the city are being spammed with similar messages and calls, raising concern over a possible data leak. TOI had reported earlier this week that the state education department was insisting on students sharing their Aadhaar card numbers.

Mohammed Shakeel, the president of Voice of Parents and himself the parent of a class 10 student, said that schools share data with different vendors, resulting in a spike in such calls. “Private data of minors and their parents, provided to schools, is shared by most schools with third-party service providers or vendors. This results in data breach and may even compromise the security of schoolchildren,” Shakeel said.

“Suitable measures must be taken to protect data provided to schools. It must be stored in the systems/servers of the school and must not be outsourced or shared with third-party service providers. Any contract with such parties must be revoked with immediate effect to ensure the safety of children,” he added.

However, D Shashi Kumar, general secretary of the Association of Managements of Primary and Secondary Schools of Karnataka, alleged that it is not the schools but officials at the department of education who are the more likely source behind the leak. “It is a common practice that officials send Google spreadsheets on WhatsApp groups and ask schools to fill in the data of students or teachers. We have now warned all our members not to share any data unless officially sought,” he said.

CLICK HERE

The department of school education, though, has denied the charge. “These are unsubstantiated allegations. What proof do school associations have about education department officials leaking data? If at all the associations can prove any [department] official’s involvement, we are ready to take action,” said Vishal R, the commissioner, department of school education.

However, experts say the issue is old and the leak can happen in many ways, with data sets being available online.

“There are various government systems that collect children’s data — scholarship programmes, exam results, admission to government institutions like Kendriya Vidyalaya. These are known issues. The problem is that data is not protected the way it should be,” said Anivar Aravind, a digital rights activist.

Ruing that no steps are being taken by the government or education department to ensure data privacy, Aravind said even as a data protection Bill is around the corner in Parliament, there is no clarity yet on data consent. “And parents are at a non-negotiable end as they have to share these details to be able to access the services,” said Aravind.

Children’s Right to Privacy hangs in the balance

This is not the first time children’s privacy has been put at risk. Previously, Ukhrul TimesNagaland Express, and India Times broke the news of a pan-India personal data breach of Class X and Class XII students in which their names, father’s names, physical addresses, institution names, and even contact details including phone numbers and email addresses were found in various databases which were being sold on the internet, including on Amazon. Pursuant to this, we wrote to twenty-eight State Commissions for the Protection of Child Rights and four Union Territory Commissions for the Protection of Child Rights to raise our grievances. We urged the Commissions to initiate an inquiry on the infringing websites and the e-commerce platform (Amazon) and to also forward the case to the Magistrate having the jurisdiction to hear the complaint. The Commissions were also advised to frame and implement remedial measures and guidelines to prevent the leakage of students’ personal data henceforth.

About 2 Crore Indian Students’ Data Selling Online For ₹299

Confidential data of students could be at risk as a website claiming to sell 2 crore students data for just Rs 299. 

Off late, we’ve been seeing confidential data of users being sold on the dark web by hackers like the ones with Mobikwik, Domino’s and others. 

However, now someone is claiming to sell user data of crores of Indian students. 

The data is being sold on the website ‘studentdatabase.in’ that gives you an option to either purchase a database of two crore students or purchase a 100 crore pan-India database — each for Rs 399. However, when we tried to click on either of the links, the site showed a 404 error.

Student data exposed on Andhra Pradesh Government Examination website!

Sai Sravan Prabhala, a cyber-security researcher, informed us of a critical vulnerability exposing the sensitive personal information of minors. This existed on the website of the Directorate of Government Examinations, Government of Andhra Pradesh’s for the 2021 examinations. While this functionality itself has been removed, to prevent it from occurring again assisted by Sai, we have written to them and CERT-In.

Byju’s exposed sensitive student data, including loan details

The Indian startup exposed some students’ names, phone numbers, addresses and email IDs. The exposed data also included loan details such as payouts, links to scanned documents and transactional information related to some students.

Security researcher Bob Diachenko found the exposure due to a misconfigured Apache Kafka server used by Byju’s to send and receive data in real time. Diachenko told TechCrunch that there were several IP addresses with the misconfigured server, which enabled anyone to access the queue to read the records without a password.

“Anyone could have connected to the queue and read or download the messages,” the researcher told TechCrunch.

The data was first found to be exposed on August 15, according to Shodan, a search engine for exposed devices and databases.

While the exact number of students whose data was exposed is unclear, Diachenko said one to two million records were accessible due to the issue.

Read more : ( https://techcrunch.com/2023/08/25/byjus-student-data-exposed/ )

Additional Information:

Legal Consequences of the Vulnerability

This vulnerability violates the students’ fundamental right to privacy, as upheld by the Supreme Court in K.S. Puttaswamy v. Union of India (2019) 1 SCC 1. Significantly, the decision highlighted the need to secure children’s right to privacy, bearing in mind that minors lack the legal capacity to give consent. Additionally, the Government of India has ratified the United Nations Convention on the Rights of the Child (UNCRC). As a result, India endeavours to protect children from all forms of exploitation and arbitrary or unlawful interference with their privacy. Hence, if necessary measures are not taken to protect the personal information of children, it would stand in violation of the Puttaswamy decision, and the UNCRC.

( http://164.100.86.208/NCPCR.pdf?ref=static.internetfreedom.in#page=9 )

The information exposed by the above-mentioned vulnerability – such as “caste or tribe” and ”religious affiliation” – has been categorised as “sensitive personal data” under the proposed Personal Data Protection Bill, 2019 (“2019 bill”) as well as the Draft Data Protection bill 2021 (“2021 bill”), for which the Data Protection Authority is empowered to specify additional regulations, safeguards or restrictions. Clause 24 of the bill requires data fiduciaries to implement necessary security safeguards including “steps necessary to prevent misuse, unauthorised access to, modification, disclosure or destruction of personal data”. Neglecting to do so can result in a penalty not exceeding five crore rupees or two percent of the fiduciaries worldwide turnover of the preceding financial year, whichever is higher. Further, the vulnerability causes significant “harm” – as defined under Clause 3(23) of the Draft Data Protection bill, 2021 –  to those affected as anyone can edit their personal details which can lead to “loss, distortion or theft of identity”, “humiliation”, and “observation or surveillance that is not reasonably expected”.

Currently, in the absence of an overarching data protection legislation, according to Section 72A of the Act, the websites, school managements, and individuals involved in the mass student data breach can be imprisoned for a term of up to three years or/and can be fined up to five lakh rupees.

Source: TOI, TC, India Times, Medianama, Deccan Chronicle,

Also Read:

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Related articles

Delhi Police took Sonam Wangchuk to the hospital for treatment

The 21-day-long protest, which saw Sonam Wangchuk on a hunger strike at Jantar Mantar, demanding the release of...

The US attack on Chabahar Port isn’t just news about Iran,but”strategic” alert for India.

Amid US-Iran tensions, news of the attack on Chabahar Port has raised concerns in India. However, India has...

Torn DL? Download it on your phone using four methods, understand each step

Often, driving licenses become torn over time, and sometimes the DL's printing also wears off. In such a...

What’s the difference between a heart attack and a panic attack

When symptoms like sudden chest pain, rapid heartbeat, sweating, and a feeling of death appear, most people assume...
news-1701

yakinjp

yakinjp

rtp yakinjp

yakinjp

yakinjp

yakin jp

yakinjp id

maujp

maujp

maujp

\

sabung ayam online

sabung ayam online

SLOT MAHJONG

sabung ayam online

article 0000141

article 0000142

article 0000143

article 0000144

article 0000145

article 0000146

article 0000147

article 0000148

article 0000149

article 0000150

article 0000151

article 0000152

article 0000153

article 0000154

article 0000155

article 0000156

article 0000157

article 0000158

article 0000159

article 0000160

article 0000161

article 0000162

article 0000163

article 0000164

article 0000165

article 0000166

article 0000167

article 0000168

article 0000169

article 0000170

article 0000171

article 0000172

article 0000173

article 0000174

article 0000175

article 0000176

article 0000177

article 0000178

article 0000179

article 0000180

article 0000181

article 0000182

article 0000183

article 0000184

article 0000185

article 0000186

article 0000187

article 0000188

article 0000189

article 0000190

article 00046

article 00047

article 00048

article 00049

article 00050

article 00051

article 00052

article 00053

article 00054

article 00055

article 00056

article 00057

article 00058

article 00059

article 00060

article 00061

article 00062

article 00063

article 00064

article 00065

article 00066

article 00067

article 00068

article 00069

article 00070

article 00071

article 00072

article 00073

article 00074

article 00075

article 00076

article 00077

article 00078

article 00079

article 00080

article 00081

article 00082

article 00083

article 00084

article 00085

article 00086

article 00087

article 00088

article 00089

article 00090

article 00091

article 00092

article 00093

article 00094

article 00095

article 888836

article 888837

article 888838

article 888839

article 888840

article 888841

article 888842

article 888843

article 888844

article 888845

article 888846

article 888847

article 888848

article 888849

article 888850

article 888851

article 888852

article 888853

article 888854

article 888855

article 888856

article 888857

article 888858

article 888859

article 888860

article 888861

article 888862

article 888863

article 888864

article 888865

articel 000000171

articel 000000172

articel 000000173

articel 000000174

articel 000000175

articel 000000176

articel 000000177

articel 000000178

articel 000000179

articel 000000180

articel 000000181

articel 000000182

articel 000000183

articel 000000184

articel 000000185

articel 000000186

articel 000000187

articel 000000188

articel 000000189

articel 000000190

articel 000000191

articel 000000192

articel 000000193

articel 000000194

articel 000000195

articel 000000196

articel 000000197

articel 000000198

articel 000000199

articel 000000200

articel 000000201

articel 000000202

articel 000000203

articel 000000204

articel 000000205

articel 000000206

articel 000000207

articel 000000208

articel 000000209

articel 000000210

articel 000000211

articel 000000212

articel 000000213

articel 000000214

articel 000000215

articel 000000216

articel 000000217

articel 000000218

articel 000000219

articel 000000220

article 2000136

article 2000137

article 2000138

article 2000139

article 2000140

article 2000141

article 2000142

article 2000143

article 2000144

article 2000145

article 2000146

article 2000147

article 2000148

article 2000149

article 2000150

article 2000151

article 2000152

article 2000153

article 2000154

article 2000155

article 2000156

article 2000157

article 2000158

article 2000159

article 2000160

article 2000161

article 2000162

article 2000163

article 2000164

article 2000165

article 2000166

article 2000167

article 2000168

article 2000169

article 2000170

article 2000171

article 2000172

article 2000173

article 2000174

article 2000175

article 2000176

article 2000177

article 2000178

article 2000179

article 2000180

article 2000181

article 2000182

article 2000183

article 2000184

article 2000185

article 838000421

article 838000422

article 838000423

article 838000424

article 838000425

article 838000426

article 838000427

article 838000428

article 838000429

article 838000430

article 838000431

article 838000432

article 838000433

article 838000434

article 838000435

article 838000436

article 838000437

article 838000438

article 838000439

article 838000440

article 838000441

article 838000442

article 838000443

article 838000444

article 838000445

article 838000446

article 838000447

article 838000448

article 838000449

article 838000450

article 838000451

article 838000452

article 838000453

article 838000454

article 838000455

article 838000456

article 838000457

article 838000458

article 838000459

article 838000460

news-1701