- India’s insolvency process regulator has leaked people’s sensitive data by mistake.
- The incident was the result of a misconfiguration on a newly set-up portal.
- The sensitive documents are still online and accessible to anyone, despite the admission of the error.
The IBBI (Insolvency and Bankruptcy Board of India) has made a dire configuration mistake while setting up its new online portal and leaked the full names, Aadhaar numbers, and PANs (Permanent Account Numbers) belonging to employees of firms that are currently undergoing corporate insolvency proceedings. The regulator oversees procedures of this kind as a public entity, and the purpose of the new portal was to make this work more transparent to the public. However, it seems that the technicians who set it up implemented more transparency than they should have.
As reported by The Indian Express, the blunder was almost immediately admitted by the agency, which attributed the situation to a “mistake.” The outlet reviewed three separate documents uploaded on the IBBI website and confirmed that 128 Aadhaar numbers and 234 PANs were exposed. The total number of affected individuals may very easily be much greater, but there was no official confirmation of any specific figure.
A spokesperson for the IBBI has stated that the exposed information was meant to be used by the agency internally, so this was a mistake made by those setting up the portal, who did not have a complete understanding of how the insolvency procedures work. The same person has assured the public that the issue will be resolved soon, likely within two or three days. This wasn’t very reassuring, though, as the leaked data should have been taken offline immediately. In fact, the documents are still live on the IBBI website, and as publicity around the matter piles up, more users get the chance to access this sensitive data.
Having your Aadhaar or PAN leaked increases your chances of falling victim to identity thieves, scammers, phishing campaigns, etc. In this case, the public entity should have treated the portal upgrade with greater caution and the data leak incident with greater urgency. Unfortunately, breach notices are unlikely to be circulated either, so each of the affected companies should take the appropriate steps to inform their employees and help them stay safe.