- Varsity has no appropriate data secure system
Hyderabad: In yet another glaring instance case of data breach of a famous institution, details of over 16,800 candidates who had uploaded their details on the Andhra University website for non-teaching backlog posts reserved for SC/ST & PWD categories, 2018, has to come to light.
The link of an Excel sheet was found online where the details have been uploaded.
Not having conducted a security audit of the website is said to be the reason for the breach. Due to this, one would not even know of how many links are available from the open source. Moroover, the source was not secure.
Speaking to Newsmeter, Ethical hacker and Cyber security researcher, Rishi Dwivedi said “We keep our database highly secured so that no one can download any file from it without authorisation. Security audit of database should be done periodically so that we could know how much database has been secured and how much data is in the open source. In the absence of such preventive measures, no one will know how many files are kept online in open source.”
He points that database is made available only to authorised and registered officials.
The officials of the university make and save details in the website. But they do not know how to keep it secure and where and how files are downloaded and how much data is kept in open source.
The IT team head checks the security audit of the entire database. “Security audits should be done at least every year to avoid such lapses”, said Rishi.
Earlier, Telangana state para-medical board had leaked thousands of CVs and resumes that contained personal information of applicants and we’re found online by making a simple query search on Google.