Hyderabad: The resumes of 1,100 job applicants can be seen by all on the website of the Telangana State Para Medical Board as authorities seem unaware of the serious breach of privacy even after 24 hours.
The blunder was accidentally discovered on Wednesday when Rishi Dwivedi, an ethical hacker and cybersecurity researcher, ran a Google search with the string “CV or resume or Curriculum vitae file type:PDF or Doc”.
“This is a serious data breach in a government Website. Thousands of CVs and resumes that contain personal information of applicants can be found online by making a simple query search on Google, Dwivedi told Newmeter.
Publishing personal data online amounts to the breach of privacy and is a serious offence under the IT Act. “This can be very harmful for users too, any scammer may get these details to scam the users,” said the ethical hacker.
At the time of writing this report, the website still showed the CVs. Every time an applicant uploads his/her CV, the resume count goes up, with the Board officials yet to resolve the embarrassing error.
In an ideal scenario, only persons with admin rights can access resumes uploaded by candidates on an organisation’s website. However, this doesn’t seem to be the case with the Board. At last count, the website had made 1,101 resumes public.