A web system that was used to record employee attendance was left without a password since 2014, exposing Aadhaar numbers, names, job titles and phone numbers of Jharkhand government workers on the Internet, claimed the report.
The Google-indexed website which has now been pulled offline was located with stored copies of the attendance record pages of employee information and photos — on a sub-domain of the Jharkhand government’s website.
“Digital transformation promises to bring significant economic gains to India, but only if cyber security keeps pace and since more personal data is being created and stored by more organisations, security measures must also be resourced commensurately,” Steve Ledzian, Vice President, Chief Technology Officer (APAC) at US-based cybersecurity company FireEye told IANS.
Last year, around half-a-dozen people died of starvation in Jharkhand because they were denied rations from the Public Distribution System (PDS) shops for failing to possess an Aadhaar card.
“It’s important for Indian authorities to understand their security posture and risk profile so when incidents do happen, they can quickly spot the problem and respond appropriately,” said Ledzian.
There was no official statement from the state government or UIDAI on the matter as of now.