• Home
• /
• World
• /
• Asia

India: Bengaluru civic body shuts down portal over data breach fears

Bengaluru - Professionals warn that it's easy for data brokers to access information by writing automated script

The Bengaluru civic body has hastily shut down its public health activities, surveillance and tracking portal after warnings by professionals of how sensitive health data and other information relating to citizens could be hacked easily.

The Free Software Movement of India (FSMI) informed the civic body that it was easy for data brokers to collect the information by writing an automated script. It urged officials to not only do a security audit but also take action against the software firm for its carelessness in building software without security.

“The IT Rules of 2011 clearly states that health record information is ‘sensitive’ data and the collection, storage and disclosure of such data must be bound by ‘Reasonable security practices and procedures,’ FSMI wrote to the Bengaluru municipal corporation.

“This is a clear violation of IT Rules (2011) and shows an appalling lack of attention to protecting individual’s personal and sensitive data. The lack of proper security practices for sensitive health record data, especially in the midst of the peak of the pandemic can lead to misuse, exploitation and poses a catastrophic risk overall.”

According to Srinivas Kodali of the FSMI, such data breaches relating to the civic body have happened in the past as well, with leaks from its call centres.

The sensitive data that was accessible on the portal included the patients’ name, age, gender, ID, lab name, test results, hospital details and the status of symptoms.