Le cloud du gouvernement indien a divulgué les données personnelles des citoyens en ligne pendant des années

For years, the Indian government’s cloud has exposed its citizens’ personal information online

In an eye-opening development for India’s cybersecurity, a major breach has been exposed, raising concerns over the protection of citizens’ personal data. Sourajeet Majumder, a security expert, discovered that large amounts of personal data, including **Aadhaar numbers**, information related to **COVID-19** vaccination, and details of ** passport** were freely accessible online. The leak is attributed to improper configuration of the Indian government’s cloud service, named S3WaaS, touted as a secure solution for deploying government websites.

This alarming situation was first revealed in 2022 when Majumder observed that sensitive data was available on the open internet. Even more worrying, search engines had indexed these documents, making finding private data that much easier for anyone who knew the terms to search for. Alerted by this discovery, Majumder turned to the Internet Freedom Foundation, which helped him communicate this flaw to CERT-In (India’s Computer Emergency Response Team) as well as the National Security Center. ‘Indian Government IT.

CERT-In quickly took note of the problem and links to the sensitive files were removed from public search engines. However, sadly, according to Majumder, this action did not completely resolve the breach as personal information continued to be exposed online until very recently.

The exact scale of this data breach remains difficult to assess, but Majumder warns of the potential dangers, particularly regarding identity theft and scams. It also highlights the specific risks of leaking private medical information, such as COVID-19 test results and vaccination records. These revelations could not only compromise the privacy of individuals but also lead to discrimination and social rejection.

A lire également  Mitigating Natural Disaster Risk When Investing in Commercial Real Estate

Faced with this situation, Majumder calls for a burst of reflection on IT security policies. It is imperative that this incident serve as a trigger for the implementation of rigorous data security reforms to effectively protect citizens’ privacy.

In conclusion, as cyber threats continue to evolve, the incident highlights the need for constant vigilance and reassessment of the security measures in place to safeguard individuals’ personal data against unauthorized access.