Centre blocks some websites exposing Aadhaar, PAN details – ET CISO
https://etimg.etb2bimg.com/thumb/msid-113726730,imgsize-19776,width-1200,height=765,overlay-etciso/data-breaches/centre-blocks-some-websites-exposing-aadhaar-pan-details.jpg
New Delhi, The government has blocked some websites that were exposing sensitive personal identifiable information (PII), including Aadhaar and PAN card details of Indian citizens.
The IT Ministry was made aware that some portals were exposing sensitive data of people. The Unique Identification Authority of India (UIDAI) lodged a complaint with the police authorities concerned for violation of the prohibition under section 29(4) of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 on public display of Aadhaar information.
According to MeitY, the analysis of these websites by the Indian Computer Emergency Response Team (CERT-In) revealed some security flaws in these websites.
The concerned websites owners were provided guidance about the actions to be taken at their end for improving the ICT infrastructures and fixing the vulnerabilities.
The Indian cyber agency has issued guidelines for all entities using IT applications.
CERT-In has also given directions under the Information Technology Act, 2000, (IT Act) relating to information security practices, procedure, prevention, response and reporting of cyber incidents.
The IT Act provides for non-publication and non-disclosure of sensitive personal data.
Any adversely affected party can approach the Adjudicating Officer under section 46 of the IT Act for filing a complaint and seeking compensation. The IT Secretaries of the States are empowered as Adjudicating Officers under the IT Act, said the ministry.
“Further, the Digital Personal Data Protection Act, 2023 has already been enacted and the Rules under this Act are in the advanced stage of drafting,” it added.
A programme has also been initiated that will help in creating a nationwide awareness and understanding among diverse stakeholders about responsible use and proactive measures which will curb unnecessary exposure of personal data by various entities.