Srinagar, Aug 10: The Computer Emergency Response Team (CERT), which works under the aegis of the Ministry of Information Technology (MeitY), has sought an “urgent” report from the Kashmir University (KU) authorities after a major data breach was reported in the University’s data system, with the data of over a million students and employees put up for sale on the ‘Dark Web’.
CERT is a national nodal agency which responds to cyber security incidents in the country, according to information available on the MeitY website.
Officials said the CERT flagged the “data breach” at Kashmir University after it was reported that, besides the data of employees, the data of more than one million students, including their registration numbers, email IDs, passwords etc., was put up for sale on a ‘Dark Web’ hacking forum for 250 USD.
The incident triggered panic among KU employees and students who immediately took to social media platforms to express their outrage over the alleged data breach.
“How can the University’s data system be so unsafe that it can be breached so easily?” said a student of the computer sciences department, requesting anonymity. “The whole data security system in the university appears to be compromised. This breach in data has now put a big question mark over the security of our personal details which are available with the University authorities.”
Informed sources in the University told Greater Kashmir that the University, which is more than 50 years old, does not have a foolproof data protection policy as is the case with other universities and research institutions in the country.
A KU teacher with knowledge of the current incident said the threat to University data had been reported to the University authorities many times in the past by a few teachers and students, but nothing was done to address it.
In its statement regarding the incident, the Kashmir University authorities, however, said the University data was “unmodified and further analysis is going on in the matter.”
“The alleged breach is being analysed as per the preliminary analysis it has been found that the data is unmodified,” the statement read, adding that “any breach on data read (which is already accessible in public domain) is being analysed in-depth and depending upon the analysis the University will take further course of action and take an appropriate legal recourse accordingly.”
A cyber expert, however, told Greater Kashmir that the index shown by the alleged hacker includes details of the University’s financial and budget transactions, besides details of registration numbers of students, “which is an inaccessible and confidential data” that has been breached.
“Whether data is modified or unmodified is a secondary issue. The primary issue is that a breach has taken place in the University system which is a cause of concern,” the expert said, adding that since the data that is reported to be breached is “diverse in content”, the alleged breach appears to have taken place “on multiple domains, possibly due to poor protocols in place.”
The students and teachers have demanded a high-level independent probe by a MeitY team into the present incident so that the responsibility for the lapse is fixed and the system is made “foolproof and accountable.”
When contacted, KU’s IT director Dr Maroof Qadri confirmed to Greater Kashmir that the CERT has sought a report “which is being prepared and will be submitted within the specified time period”.
“We are analysing the whole thing. But as of now it appears that the data is unmodified and safe. We will be submitting our report to CERT also after our team finishes the task,” he said.